[SECURITY] Fedora 43 Update: python-ply-3.11-33.fc43

PLY is a straightforward lex/yacc implementation. Here is a list of its essential features: It is implemented entirely in Python. It uses LR-parsing which is reasonably efficient and well suited for larger grammars. PLY provides most of the standard lex/yacc features including support for empty...

WordPress EventON < 4.5.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.5...

WordPress EventON < 4.5.5 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.5...

WordPress Ditty plugin 3.1.39-3.1.45 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Ditty versions 3.1.39-3.1.45...

EUVD-2025-37372

Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the password parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

EUVD-2020-21924

Malware in sbrugna...

EUVD-2024-52662

Malicious code in bioql PyPI...

EUVD-2024-19400

Malicious code in bioql PyPI...

EUVD-2024-25201

Malicious code in bioql PyPI...

EUVD-2024-25199

Malicious code in bioql PyPI...

GHSA-8PJC-487G-W6P2 vulnerabilities

Vulnerabilities for packages: bom, nri-memcached, gobump, terraform, nri-nginx, kyverno-notation-aws, nri-rabbitmq, aws-application-networking-k8s, nginx-prometheus-exporter, grafana-rollout-operator, kubernetes-csi-node-driver-registrar, cluster-api-provider-vsphere, grafana-alloy, kuberlr,...

CVE-2024-54750

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before...

WordPress Edd Google Sheet Connector Pro plugin < 1.4 - Cross-Site Request Forgery to Access Code Update vulnerability

Cross-Site Request Forgery to Access Code Update vulnerability discovered by Erwan LR in WordPress Plugin Edd Google Sheet Connector Pro versions 1.4...

WordPress Easy Digital Downloads Google Sheet Connector plugin <= 1.6.6 - Cross-Site Request Forgery to Access Code Update vulnerability

Cross-Site Request Forgery to Access Code Update vulnerability discovered by Erwan LR in WordPress Plugin Google Sheet Connector for Easy Digital Downloads versions = 1.6.5...

WordPress NextGEN Gallery plugin < 3.59.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin NextGEN Gallery versions 3.59.9...

CVE-2024-28026

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

MC LR Router and GoCast unpatched vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the exploitation of these...

CVE-2024-54750

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before...

CVE-2024-54750

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before...

CVE-2024-54750

CVE-2024-54750 affects Ubiquiti U6-LR firmware version 6.6.65, with a reported hardcoded password vulnerability in /etc/shadow that could enable login as root. The description notes that Ubiquiti disputes the vulnerability, claiming the hardcoded password should be post-setup, not pre-existing. T...