13 matches found
Improper Encoding or Escaping of Output
Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...
Exposure of Private Personal Information to an Unauthorized Actor
Overview: Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the Email field in the Comment model exposed through unauthenticated public API endpoints. An attacker can obtain the email addresses of all guest commenters by makin...
CVE-2026-32983 SSL/TLS Renegotiation DoS in Wazuh Manager authd service
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...
PT-2026-28278
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...
PT-2026-28460
Name of the Vulnerable Software and Affected Versions: wazuh-manager versions prior to 4.7.4. Description: The authd service in Wazuh Manager contains an improper restriction of client-initiated SSL/TLS renegotiation. This allows remote attackers to cause a denial of service by sending excessive...
Wazuh Security Vulnerability
Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Wazuh versions 4.7.3 and earlier contain security vulnerabilities. These vulnerabilities...
CVE-2026-25785
Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...
PT-2026-21875
Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...
CVE-2017-15275
...
WordPress Plugin SQL Injection Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress Plugin is an open source WordPress application plugin. Version 4.7.3 of the Filebird Plugin has a security...
RebornCore library Code Issue Vulnerability
RebornCore library is a library of mods for Tech Reborn, including Tech Reborn, Quantum Storage, Fluxed Redstone, Hardcore Map Reset, and more. A remote code execution vulnerability exists in versions of the RebornCore library prior to 4.7.3, which can be exploited by an attacker to remotely...
Mattermost Server Input Validation Error Vulnerability (CNVD-2020-41175)
Mattermost Server is an open source messaging platform from the US company Mattermost. An input validation error vulnerability exists in Mattermost Server versions prior to 4.7.3. An attacker can exploit this vulnerability to cause a denial of service application crash with invalid...
DEBIAN-CVE-2017-6817
In WordPress before 4.7.3, wp-includes/embed.php has an authenticated Cross-Site Scripting (XSS) vulnerability in YouTube URL Embeds...