Advisory ROSA-SA-2026-3306

Component: PHP 7.4.33 OS: ROSA-CHROME Affected versions: = php-7.4.33-13 Affected versions: php-7.4.33-13 CVE-ID: CVE-2024-5458 BDU-ID: 2024-04846 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the filtervar function of the PHP interpreter involves insufficient validation of data...

vCluster Platform security vulnerabilities

vCluster Platform is an open-source virtual cluster manager developed by vCluster. Vulnerabilities existed in versions prior to vCluster Platform 4.6.0, 4.5.4, 4.4.2, and 4.3.10. These vulnerabilities were due to a potential bypass of range restrictions, which could lead to access to resources th...

CVE-2025-65021

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...

CVE-2025-65034

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and...

CVE-2025-65032 Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

CVE-2025-65031

CVE-2025-65031 affects Rallly versions prior to 4.5.4. A flaw in the comment creation endpoint allows an authenticated user to impersonate arbitrary users by altering the authorName field in the API request, potentially attributing comments to administrators or other privileged accounts and enabl...

CVE-2025-65020 Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

EUVD-2025-198224

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from an insecure direct object reference in the participant deletion feature,...

Rallly 安全漏洞

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from an insecure direct object reference in the Participant Display Name...

EUVD-2025-28317

Malicious code in bioql PyPI...

CVE-2024-54514

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox...

PT-2025-7515 · WordPress · Wp-Appbox

Name of the Vulnerable Software and Affected Versions: WP-Appbox plugin for WordPress versions up to, and including, 4.5.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's appbox shortcode due to insufficient input sanitization and output escaping on user-supplied...

WordPress Plugin WpStream – Live Streaming, Video on Demand, Pay Per View 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WpStream -...

UBUNTU-CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer by the individual developer Irfan Skiljan from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A security vulnerability exists in IrfanView version 4.54, which stems from a user-mode write access conflict issue i...

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer by the individual developer Irfan Skiljan from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A security vulnerability exists in IrfanView version 4.54, which stems from a user-mode write access conflict issue i...

IrfanView 缓冲区错误漏洞

IrfanView is an image viewer by the individual developer Irfan Skiljan from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A security vulnerability exists in IrfanView version 4.54, which stems from a user-mode write access conflict issue i...

CVE-2021-22528

Reflected Cross Site Scripting XSS vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4...

WordPress Essential Addons for Elementor Lite 跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Essential Addons for Elementor Lite Plugin versions prior to 4.5.4. An attacker can exploit this vulnerability to launch a cross-site scripting attack...