CVE-2026-39394

CI4MS vulnerable to CRLF injection in .env via unvalidated host parameter in Install::index(). Before 0.31.4.0, host is read without validation and appended to .env through updateEnvSettings() using preg_replace(), allowing newline characters to inject arbitrary key=value lines (e.g., app.baseURL...

CVE-2026-39394 CI4MS has an .env CRLF Injection via Unvalidated `host` Parameter in Install Controller

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

EUVD-2023-24107

Malicious code in bioql PyPI...

EUVD-2023-24112

Malicious code in bioql PyPI...

[SECURITY] Fedora 41 Update: valkey-8.0.3-3.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

CVE-2023-1924

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfctoolbarsavesettingscallback function. This makes it possible for unauthenticated attackers to change cache...

Virtuozzo Hybrid Infrastructure 5.4 Update 3 (5.4.3-100)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover core storage, the system configuration, updates, documentation, and the compute services. Additionally, this release delivers stability improvements and addresses issues found in previous releases...

CVE-2023-1919

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglesavesettingscallback function. This makes it possible for unauthenticated attackers to change...

CVE-2023-1924

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfctoolbarsavesettingscallback function. This makes it possible for unauthenticated attackers to change cache...

CVE-2023-1924

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfctoolbarsavesettingscallback function. This makes it possible for unauthenticated attackers to change cache...

CVE-2023-1924

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfctoolbarsavesettingscallback function. This makes it possible for unauthenticated attackers to change cache...

CVE-2023-1919

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglesavesettingscallback function. This makes it possible for unauthenticated attackers to change...

CVE-2023-1919 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglesavesettingscallback function. This makes it possible for unauthenticated attackers to change...

PT-2023-17344 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the wpfc toolbar save settings callback function, making it possible for unauthenticated...

Fedora: Security Advisory for redis (FEDORA-2022-44373f6778)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise its wpcachelocation parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. -- Payloads: $ ";' onmouseover=alertdocument.cookie; style=position:fixed;width:100%;height:100%;margin:0;padding:0;left:0;top:0; $ ";'...

CDN Tuning for OTT - "Why Doesn't it Already do That?"

When you initially onboarded your OTT traffic to a CDN, you probably went with default settings. And to be honest, why wouldn't you? A standard media configuration is designed for the short http-based segment delivery at scale. It removes the bottleneck of your origin connectivity, taking you fro...

No credentials of the cases, the attacker will be able to login to FreeRADIUS-vulnerability warning-the black bar safety net

Recently, from the Luxembourg RESTENA the security research expert Stefan Winter in the current world's most popular radius server found a TLS authentication bypass vulnerability. ! FreeRADIUS is currently the world's most popular RADIUS server, in fact the vast majority of the radius server is...

Any Write cache mode which involves the Target Device local HDD reverts to server side caching

When trying to configure the write cache, any selection that involves the local HDD of the target device would fail. Cache on device ram - works Cache on server - works Ram with overflow - fails to server Cache on Device HD - fails to server...

WordPress Plugin w3-total-cache Stored XSS Vulnerability

Exploit for php platform in category web applications Steps to Produce the Vulnerability : 1 Go to Dashboard. 2 Click on Installed Plugins. 3 Go to W3-Total-Cache Plugin and Click on settings. 4 Go to Reverse Proxy and Click on page cache settings. 5 Go to Cache Preload and Type Vector - ". in...