17 matches found
CVE-2026-7705
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...
WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Order Delivery Date for WooCommerce versions <= 4.5.1...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary: IBM Maximo Application Suite uses "org.apache.cxf:cxf-core 3.6.7, io.netty:netty-codec-http 4.1.124.Final, github.com/golang-jwt/jwt/v4 v4.5.0" which are vulnerable to "CVE-2025-48913, CVE-2025-58056, CVE-2024-51744". This bulletin contains information regarding the vulnerabilities and how...
Fedora 43 : p11-kit (2026-f1fabb2a49)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f1fabb2a49 advisory. Notable changes from the rebase: pkcs11: Update PKCS11 headers to version 3.2; rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters...
CVE-2025-9019
CVE-2025-9019 affects tcpreplay 4.5.1 (tcpprep component) where the function mask_cidr6 in cidr.c can cause a heap-based buffer overflow. The description notes a remote attack with high complexity and no required user interaction, with exploitation reportedly possible on the latest 4.5.1/recent ...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Online Booking & Scheduling Calendar for WordPress by vcita versions <= 4.5.1...
DEBIAN-CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52266 CVE-2024-51744 affecting package prometheus for versions less than 2.37.9-4
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
PT-2024-23439 · Unknown · Fg Prestashop To Woocommerce
Name of the Vulnerable Software and Affected Versions: FG PrestaShop to WooCommerce versions n/a through 4.45.1 Description: The issue is related to the insertion of sensitive information into log files. This can potentially expose confidential data. There is no information provided about the...
Schweitzer Engineering Laboratories SEL-411L Security Vulnerability
The Schweitzer Engineering Laboratories SEL-451 is a complete stand-alone system from Schweitzer Engineering Laboratories, USA. An input validation error vulnerability exists in the Schweitzer Engineering Laboratories SEL-451, which can be exploited by an authenticated, remote attacker to cause a...
CVE-2023-46614
Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin = 4.5.1 versions...
SUSE-SU-2023:3778-1 Security update for wireshark
This update for wireshark fixes the following issues: - Wireshark update to v3.6.16. - CVE-2023-4512: Fixed a bug in CBOR dissector which could lead to crash (bsc#1214561). - CVE-2023-4511: Fixed a bug in BT SDP dissector which could lead to an infinite loop (bsc#1214560). - CVE-2023-4513: Fixed a bug ...
DataGear Code Issue Vulnerability
DataGear is an open source and free data visualization and analysis platform from DataGear, Inc. A code issue vulnerability exists in DataGear versions prior to 4.5.1, which stems from a problem with the component JDBC server handler that can lead to deserialization...
WordPress plugin Simple Giveaways Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
SUSE CVE-2016-2184
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device...
SUSE CVE-2018-1000132
Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1...
Atlassian FishEye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2018-05475)
Atlassian FishEye and Crucible are both products of the Australian company Atlassian, FishEye is a suite of software for deep viewing of source code repositories and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in source browse resource in Atlassian FishEy...