7343 matches found
[SECURITY] Fedora 41 Update: python-fastapi-0.115.2-1.fc41
FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.8+ based on standard Python type hints. The key features are: • Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python frameworks available...
WordPress Wux Blog Editor Plugin <= 3.0.0 is vulnerable to Broken Authentication
Software Wux Blog Editor Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9931 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 140fce8f5a83 Credits István...
WordPress WP-Members Plugin <= 3.4.9.5 is vulnerable to Cross Site Scripting (XSS)
Software WP-Members Type Plugin Vulnerable versions = 3.4.9.5 Fixed in 3.4.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10374 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b793b5e43f7e Credits Peter Thaleikis Required...
WordPress MaanStore API Plugin <= 1.0.1 is vulnerable to Broken Authentication
Software MaanStore API Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50487 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e67caa15fa Credits...
WordPress Stacks Mobile App Builder Plugin <= 5.2.3 is vulnerable to Broken Authentication
Software Stacks Mobile App Builder Type Plugin Vulnerable versions = 5.2.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50477 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 02ff662824ca Credit...
WordPress Cozy Blocks Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS)
Software Cozy Blocks Type Plugin Vulnerable versions = 2.0.18 Fixed in 2.0.19 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50502 Patch priority Low CVSS severity Low 6.5 Developer CozyThemes PSID 2887e7a845fe Credits Michael Required privilege Contributor...
WordPress Uix Shortcodes Plugin <= 1.9.9 is vulnerable to Arbitrary Code Execution
Software Uix Shortcodes Type Plugin Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9772 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID a42f828d9a99 Credits Francesco Carlucci Required privilege...
Petrol Pump Management Software SQL Injection Vulnerability
Petrol Pump Management Software is gasoline pump management software by the individual developer mayurik. A SQL injection vulnerability exists in Petrol Pump Management Software version 1.0, which originates from the id parameter in the /admin/invoice.php page containing a SQL injection vulnerabili...
WordPress Signup Page Plugin <= 1.0 is vulnerable to Privilege Escalation
Software Signup Page Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50475 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15ed63623277 Credits Mika Required...
WordPress Shoutcast Icecast HTML5 Radio Player Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Shoutcast Icecast HTML5 Radio Player Type Plugin Vulnerable versions = 2.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3e71cc774a45 Credits...
WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9864 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1a0ade328fdb Credits zer0gh0st Required...
WordPress Contact Form 7 - Repeatable Fields Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form 7 - Repeatable Fields Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10180 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d39a0f706c9a Credits Pete...
WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.19 is vulnerable to Cross Site Scripting (XSS)
Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.19 Fixed in 1.4.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50447 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c4d14cb691 Credits...
WordPress Firelight Lightbox Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Firelight Lightbox Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50460 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2edb2390ea9c Credits Robert DeVore Required privilege...
WordPress The Pack Elementor addons Plugin <= 2.0.9 is vulnerable to Local File Inclusion
Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-50453 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID e424fb066139 Credits João Pedro S Alcânta...
WordPress File Upload Types Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software File Upload Types Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10016 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d655bda3dd64 Credits Francesco Carlucci...
WordPress Beaver Builder Plugin <= 2.8.3.7 is vulnerable to Cross Site Scripting (XSS)
Software Beaver Builder Type Plugin Vulnerable versions = 2.8.3.7 Fixed in 2.8.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50430 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0af9c27e34dd Credits João Pedro S Alcântara Kinorth...
WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3.4 Fixed in 1.3.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f23dd4816a6 Credits...
WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.14.1 is vulnerable to Cross Site Scripting (XSS)
Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.14.1 Fixed in 4.14.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50448 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID c89cdca7b8b3 Credits Le Ngoc Anh Required...