6 matches found
CVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...
WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Review versions = 3.5...
CVE-2025-32283 WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through = 3.5...
RICOH Streamline NX V3 PC Client 路径遍历漏洞
RICOH Streamline NX V3 PC Client is a complete solution for large-scale, integrated management of devices from Ricoh RICOH Japan. A path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 through 3.242.0, which originates from a path traversal and could lead to the...
PT-2025-1962 · WordPress · Gohero Store Customizer For Woocommerce
Name of the Vulnerable Software and Affected Versions: GoHero Store Customizer for WooCommerce plugin for WordPress versions up to, and including, 3.5 Description: The issue allows unauthorized modification of data due to a missing capability check on the wooh action settings save frontend...
PT-2021-3117 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 to 3.5.17 Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 Description: A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload...