Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-5.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

SQL Injection

Overview bolt/bolt is a sophisticated, lightweight & simple CMS. Affected versions of this package are vulnerable to SQL Injection via the order parameter in content listing pages through the OrderDirective component. An attacker can extract sensitive information from the database by injecting...

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

CVE-2026-39229

Bolt CMS up to version 3.7.0 is affected by an SQL Injection in the order parameter of content listing pages, exploitable by an authenticated attacker with low privileges via the OrderDirective component. This can lead to extraction of sensitive information. The CVSS 3.1 base score is 6.5 (Medium...

EUVD-2026-33350

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-4.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

CVE-2026-44381 MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

EUVD-2026-30168

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

CVE-2026-44381

MISP (open source threat intelligence platform) prior to version 2.5.37 contains a SQL injection vulnerability in handling of user-controlled ordering parameters on the event and shadow attribute listing endpoints. The affected code accepts order/sort values from request parameters and injects th...

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

Malicious code in dit-envv (npm)

dit-envv is a typosquatting package impersonating dotenv, the widely-used environment variable loader. The package bundles the legitimate dotenv source and documentation to appear functional while hiding a credential-theft payload in index1.js, executed at install time via the postinstall script...

Astra Linux - уязвимость в firefox, thunderbird

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...

Linux Distros Unpatched Vulnerability : CVE-2026-41324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory...

CVE-2026-41324

A flaw was found in basic-ftp, an FTP client for Node.js. A malicious or compromised remote FTP server can exploit this vulnerability by sending an extremely large or never-ending directory listing response. This can cause the client process to consume an unbounded amount of memory, leading to...

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-2.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

CVE-2026-41324

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...