WordPress plugin Lucky Wheel Giveaway 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Lucky Wheel Giveaway plugin <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter vulnerability

Authenticated Administrator+ Remote Code Execution via 'conditionaltags' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel Giveaway versions = 1.0.22...

AlmaLinux 9 : python3.12-wheel (ALSA-2026:1939)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:1939 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding description...

MiracleLinux 9 : python3.12-wheel-0.41.2-3.el9_7.1 (AXSA:2026-150:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-150:01 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding descripti...

MiracleLinux 8 : python3.12-wheel-0.41.2-4.el8_10 (AXSA:2026-155:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-155:02 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding descripti...

SUSE: Security Advisory (SUSE-SU-2026:20217-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2026-1281 python-wheel security update

A built-package format for Python. A wheel is a ZIP-format archive with a specially formatted filename and the .whl extension. It is designed to contain all the files for a PEP 376 compatible install in a way that is very close to the on-disk format. Security Fixes: wheel is a command line tool f...

OESA-2026-1280 python-wheel security update

A built-package format for Python. A wheel is a ZIP-format archive with a specially formatted filename and the .whl extension. It is designed to contain all the files for a PEP 376 compatible install in a way that is very close to the on-disk format. Security Fixes: wheel is a command line tool f...

OESA-2026-1279 python-wheel security update

A built-package format for Python. A wheel is a ZIP-format archive with a specially formatted filename and the .whl extension. It is designed to contain all the files for a PEP 376 compatible install in a way that is very close to the on-disk format. Security Fixes: wheel is a command line tool f...

RLSA-2026:1902 Important: python-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python-wheel security update

An update is available for python-wheel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

RLSA-2026:2090 Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3.12-wheel security update

An update is available for python3.12-wheel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

AlmaLinux 8 : python3.12-wheel (ALSA-2026:2090)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:2090 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding description...

SUSE SLES16 Security Update : python-wheel (SUSE-SU-2026:20217-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:20217-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100. Tenable has extracted the...

RockyLinux 8 : python3.12-wheel (RLSA-2026:2090)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:2090 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding description...

RockyLinux 10 : python-wheel (RLSA-2026:1902)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1902 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding description...

python311-wheel-0.46.3-1.1 on GA media (moderate)

python311-wheel-0.46.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10151-1 Rating: moderate Cross-References: CVE-2026-24049 CVSS scores: CVE-2026-24049 SUSE : 7.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVE-2026-24049 SUSE : 7.2...

wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...

Important: Red Hat Security Advisory: python3.12-wheel security update

An update for python3.12-wheel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...