12 matches found
RHSA-2026:28738 Red Hat Security Advisory: kpatch-patch-5_14_0-427_100_1, kpatch-patch-5_14_0-427_113_1, kpatch-patch-5_14_0-427_126_1, kpatch-patch-5_14_0-427_68_2, and kpatch-patch-5_14_0-427_84_1 security update
Bulletin has no description...
joomla-exploits
joomla-exploits Exploit Title: Joomla! 4.2.8 - Unauthen...
EUVD-2026-4275
MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution...
CVE-2025-54806
GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...
September 9, 2025—KB5065427 (OS Build 14393.8422)
September 9, 2025—KB5065427 (OS Build 14393.8422). Windows Secure Boot certificate expiration. Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the...
CVE-2024-32869
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where main.ts is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for t...
VulnCheck KEV: CVE-2024-8522
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2022-43761
Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...
CVE-2022-4501
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
CVE-2021-3427
creationtimestamp | type | source
---|---|---
2022-08-26 20:30:23+00:00 | seen | https://t.me/cibsecurity/48892...
PYSEC-2017-53
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1...
DEBIAN-CVE-2014-9293
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...