29 matches found
CVE-2026-11398 LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-40542
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004063)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004063 advisory. In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlinkcit.c aka the Xirlink camera USB driver mishandles invalid descriptors, aka CID-a246b4d54770. Tenabl...
PT-2026-1188
Name of the Vulnerable Software and Affected Versions CRMEB versions up to 5.6.1 Description A flaw exists in CRMEB that could allow for remote code execution. The issue stems from a SQL injection vulnerability within the /adminapi/export/product list file. Specifically, manipulating the cate id...
CVE-2024-21626 affecting package podman for versions less than 5.6.1-2
CVE-2024-21626 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2025-11290 CRMEB JWT HMAC Secret hard-coded key
A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. Attacks of...
CVE-2025-38739
Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure...
CVE-2024-2420
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...
CVE-2023-38561
Improper access control in some IntelR XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access...
AZL-49596 CVE-2024-3056 affecting package podman for versions less than 5.6.1-2
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...
CVE-2024-2421
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...
NetBox Security Vulnerability
NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A security vulnerability exists in LenelS2 NetBox 5.6.1 and earlier versions that stems from the presence of a remote code execution vulnerability...
Elastic Security Statement for CVE-2024-3094, xz versions 5.6.0 and 5.6.1
Elastic Products are not affected by this issue. On March 29th, 2024, Elastic became aware of the malicious code planted in the xz package. Elastic has performed an investigation to identify any Elastic Products which may be impacted by this issue and we have concluded that no Elastic products us...
Vulnerability fixed in liblzma (XZ Utils)
Malicious code has been found in liblzma XZ Utils software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...
CVE-2022-44589
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor...
PT-2023-21579 · WordPress · Woocommerce Payments
Name of the Vulnerable Software and Affected Versions: WooCommerce Payments plugin for WordPress versions 5.6.1 and lower Description: An issue in the WooCommerce Payments plugin for WordPress allows an unauthenticated attacker to send requests on behalf of an elevated user, such as an...
SUSE CVE-2017-11479
Kibana versions prior to 5.6.1 had a cross-site scripting XSS vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
AZL-44613 CVE-2022-32149 affecting package podman for versions less than 5.6.1-2
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
PT-2022-8579 · Bodhi · Bodhi
Name of the Vulnerable Software and Affected Versions: Bodhi versions prior to 5.6.1 Description: Two cross-site scripting issues were fixed. Recommendations: For versions prior to 5.6.1, update to version 5.6.1 to resolve the issue...
Keybase Desktop Client Security Vulnerability
Keybase is a social networking platform that supports end-to-end encryption based on PGP technology. A security vulnerability exists in the Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, which allows an attacker to obtain potentially sensitive media in the...