33 matches found
[SECURITY] [DLA 4424-1] openjpeg2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4424-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 29, 2025 https://wiki.debian.org/LTS -...
Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2025-2555)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2025-1520
Malicious code in bioql PyPI...
OESA-2025-2042 openjpeg2 security update
OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...
OESA-2025-2040 openjpeg2 security update
OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...
SUSE CVE-2025-50952
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...
UBUNTU-CVE-2025-50952
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...
OpenJPEG v2.5.0 安全漏洞
OpenJPEG is an open source C-based open source JPEG2000 codec from Université catholique de Louvain. A security vulnerability exists in OpenJPEG version v2.5.0, which stems from a null pointer dereference in the /openjp2/dwt.c component...
CVE-2024-12827 DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the...
WordPress plugin DWT - Directory & Listing security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2025-27070 · WordPress · Dwt - Directory & Listing Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.6 Description: The issue allows for privilege escalation via account takeover due to improper checking of an empty token value prior to resetting a user's passwo...
CVE-2025-0170
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sortby' and 'token' parameters. This makes it possible for unauthenticated attackers to inject...
WordPress DWT theme <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Theme DWT - Directory & Listing versions = 3.3.4...
CVE-2025-0169
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2025-0169 DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2025-0169 DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress plugin DWT - Directory & Listing 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-6025 · WordPress · Dwt - Directory & Listing Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.4 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-0170 DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sortby' and 'token' parameters. This makes it possible for unauthenticated attackers to inject...
CVE-2025-0170
The CVE-2025-0170 entry documents a Reflected Cross-Site Scripting vulnerability in the DWT - Directory & Listing WordPress Theme (versions up to and including 3.3.3). The root cause is insufficient input sanitization and output escaping on the sort_by and token parameters, enabling unauthenticat...