Lucene search

482 matches found

CVE
added 2026/01/21 8:0 p.m. | 3 views

CVE-2025-69209

The CVE-2025-69209 entry concerns ArduinoCore-avr. A stack-based buffer overflow occurs in earlier releases (versions before 1.8.7) when converting floating-point values to strings with very high precision via dtostrf, writing beyond fixed-size stack buffers, causing memory corruption and potenti...

CVSS 6.9 | AI score 6.8 | EPSS 0.00059
Exploits: 0 | References: 5

CNNVD
added 2026/01/21 12:0 a.m. | 0 views

Arduino and AVR Board Security Vulnerabilities

Arduino AVR Boards is an open-source software kernel of Arduino. Versions of Arduino AVR Boards prior to 1.8.7 contained security vulnerabilities. These vulnerabilities stemmed from stack buffer overflows during the conversion of high-precision floating-point numbers into strings, which could lea...

CVSS 6.9 | AI score 6.2 | EPSS 0.00059
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : ruby:2.5 (AXSA:2024-7342:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7342:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621); ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739); ruby: ReDoS...

CVSS 8.8 | AI score 8.4 | EPSS 0.01371
Exploits: 1 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : ruby-3.0.4-160.el9 (AXSA:2022-4083:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4083:02 advisory. Ruby: Double free in Regexp compilation (CVE-2022-28738); Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739). Tenable has extracted the...

CVSS 9.8 | AI score 8.4 | EPSS 0.00459
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : toolbox-0.0.99.3-9.el9 (AXSA:2023-5654:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5654:01 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664); golang: net/http: An attacker can cause excessive memory growth in a Go...

CVSS 7.5 | AI score 7.6 | EPSS 0.00331
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : ruby:2.6 (AXSA:2022-3745:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3745:01 advisory. Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739). Tenable has extracted the preceding description block directly from the MiracleLinux securi...

CVSS 7.5 | AI score 7.9 | EPSS 0.00306
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : ruby:3.0 (AXSA:2022-3846:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3846:01 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817); ruby: Cookie prefix spoofing in CGI::Cookie.parse...

CVSS 9.8 | AI score 7.9 | EPSS 0.00765
Exploits: 2 | References: 5

CNVD
added 2026/01/19 12:0 a.m. | 1 view

WordPress Float Payment Gateway plugin unauthorized data modification vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Float Payment Gateway plugin that stems from mishandling of errors and can be exploited by an attacker to...

CVSS 5.3 | AI score 5.9 | EPSS 0.00128
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/15 7:23 a.m. | 2 views

CVE-2025-15513

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as...

CVSS 5.3 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 1

NVD
added 2026/01/14 7:16 a.m. | 1 view

CVE-2025-15513

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as...

CVSS 5.3 | EPSS 0.00128
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/14 6:40 a.m. | 3 views

CVE-2025-15513 Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as...

CVSS 5.3 | AI score 5.6 | EPSS 0.00128
Exploits: 0 | References: 3

EUVD
added 2026/01/14 6:40 a.m. | 1 view

EUVD-2026-2525

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as...

CVSS 5.3 | AI score 5.5 | EPSS 0.00128
Exploits: 0 | References: 3

CVE
added 2026/01/14 6:40 a.m. | 10 views

CVE-2025-15513

The CVE-2025-15513 entry concerns the WordPress Float Payment Gateway plugin. Affected versions are all up to and including 1.1.9. The root cause is improper error handling in the verifyFloatResponse() function, which allows unauthenticated attackers to modify data and mark WooCommerce orders as ...

CVSS 5.3 | AI score 5.6 | EPSS 0.00128
Exploits: 0 | References: 3

Cvelist
added 2026/01/14 6:40 a.m. | 19 views

CVE-2025-15513 Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as...

CVSS 5.3 | EPSS 0.00128
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/14 12:0 a.m. | 1 view

PT-2026-2840

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as...

CVSS 5.3 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 3

CNNVD
added 2026/01/14 12:0 a.m. | 2 views

WordPress plugin Float Payment Gateway security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Float Payment Gateway plugin that stems from mishandling of errors and can be exploited by an attacker to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 3

Patchstack
added 2026/01/13 11:17 p.m. | 4 views

WordPress Float Payment Gateway plugin <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation vulnerability

Improper Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Float Payment Gateway versions <= 1.1.9...

CVSS 5.3 | AI score 7 | EPSS 0.00128
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/01/09 10:45 a.m. | 4 views

CVE-2022-0313

The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVSS 4.3 | AI score 6.7 | EPSS 0.00103
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 10:39 a.m. | 4 views

CVE-2022-35013

PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at /linux/main.cpp...

CVSS 6.5 | AI score 7.3 | EPSS 0.00285
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:20 a.m. | 5 views

CVE-2024-2405

The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack...

CVSS 4.5 | AI score 6.8 | EPSS 0.00214
Exploits: 2 | References: 1