822 matches found
SUSE SLES15: libsoup-2_4-1 / libsoup2-devel / libsoup2-lang / etc (SUSE-SU-2026:0258-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0258-1 advisory. - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0719: Fixed overflow for...
EUVD-2026-4473
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004834)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004834 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it...
EUVD-2026-3819
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...
Security update for libsoup2
This update for libsoup2 fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To install this SUSE update use the SUSE recommended installation method...
SUSE-SU-2026:0253-1 Security update for libsoup2
This update for libsoup2 fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0719: Fixed overflow for password md4sum bsc1256399...
GHSA-FQCV-8859-86X2 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...
CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...
PT-2026-3891
Name of the Vulnerable Software and Affected Versions CoreShop versions prior to 4.1.9 Description An error-based SQL Injection issue exists in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly incorporates user-supplied input into a SQL query,...
EUVD-2026-3239
A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers bsc1254876. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed fo...
EUVD-2026-2609
EUVD-2026-2609...
MiracleLinux 8 : libsoup-2.62.3-11.el8_10 (AXSA:2026-026:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-026:01 advisory. libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 Tenable has extracted the preceding...
WordPress WP Duplicate Page plugin <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Post Duplication vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Duplicate Page versions = 1.8...
CVE-2025-14001 WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication
The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...
CVE-2025-14001 WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication
The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...
CVE-2025-14001
CVE-2025-14001 relates to the WordPress plugin WP Duplicate Page (versions
CVE-2016-10840
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication SEC-72...
CVE-2024-41565
JustEnoughItems JEI 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication...
CVE-2024-41564
EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in EMI mod for Minecraft, which allows in-game item duplication...