1241 matches found

RedhatCVE
added 2025/05/22 4:3 p.m. · 8 views

CVE-2020-2286

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...

CVSS 8.8 · AI score 6.7 · EPSS 0.001
Exploits 0
RedhatCVE
added 2025/05/22 3:50 p.m. · 5 views

CVE-2020-25230

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

CVSS 7.5 · AI score 6.6 · EPSS 0.001
Exploits 0
RedhatCVE
added 2025/05/22 1:9 p.m. · 4 views

CVE-2018-15748

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...

CVSS 8.8 · AI score 7.2 · EPSS 0.00791
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 8:57 a.m. · 3 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

CVSS 7.8 · AI score 7 · EPSS 0.00173
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 8:52 a.m. · 6 views

CVE-2019-8121

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries Bootstrap, jquery, Knockout with known security vulnerabilities...

CVSS 9.8 · AI score 6.8 · EPSS 0.0018
Exploits 0 · References 1
RedhatCVE
added 2025/05/21 8:30 p.m. · 3 views

CVE-2002-2037

The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest...

CVSS 5 · AI score 7 · EPSS 0.00343
Exploits 0 · References 1
OSV
added 2025/05/17 12:0 p.m. · 2 views

RUSTSEC-2025-0036 surf is unmaintained

The developer has indicated that the crate is unmaintained. The last release is over three years old from 2021, the crate depends on the deprecated async-std crate and on a very old version of rustls for TLS support. Possible alternatives: reqwest, ureq...

AI score 7.2
Exploits 0 · References 3
OSV
added 2025/05/07 9:47 p.m. · 2 views

CLSA-2025-1746654462 Fix CVE(s): CVE-2020-1739

SECURITY UPDATE: insecure password handling in svn module - debian/patches/CVE-2020-1739.patch: Update subversion module to provide password securely with --password-from-stdin option to prevent leaking in case of outdated svn versions - CVE-2020-1739...

CVSS 3.9 · AI score 7.3 · EPSS 0.00046
Exploits 0 · References 1
Vulnrichment
added 2025/05/06 11:31 a.m. · 7 views

CVE-2025-4349 D-Link DIR-600L formSysCmd command injection

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no long...

CVSS 9 · AI score 7.6 · EPSS 0.05326
Exploits 0 · References 5
Tenable Nessus
added 2025/05/06 12:0 a.m. · 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21699)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21699 advisory. - In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flippi...

CVSS 5.5 · AI score 6.2 · EPSS 0.00007
Exploits 0 · References 2
Tenable Nessus
added 2025/05/06 12:0 a.m. · 6 views

EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1407)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-t...

CVSS 7.3 · AI score 6.8 · EPSS 0.006
Exploits 2 · References 3
Tenable Nessus
added 2025/05/06 12:0 a.m. · 7 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21637)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21637 advisory. - In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udpport: avoid using...

CVSS 5.5 · AI score 6 · EPSS 0.00023
Exploits 0 · References 2
RedhatCVE
added 2025/04/26 12:40 a.m. · 4 views

CVE-2025-3104

The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...

CVSS 5.3 · AI score 6.8 · EPSS 0.00408
Exploits 0 · References 1
Positive Technologies
added 2025/04/17 12:0 a.m. · 3 views

PT-2025-17021 · Unknown · Claire Ryan Author Showcase

Name of the Vulnerable Software and Affected Versions: Claire Ryan Author Showcase versions 1.4.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables an attacker ...

CVSS 7.1 · AI score 6.1 · EPSS 0.00219
Exploits 0 · References 4
NVD
added 2025/04/16 9:15 a.m. · 16 views

CVE-2025-3104

The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...

CVSS 5.3 · EPSS 0.00408
Exploits 0 · References 2
Vulnrichment
added 2025/04/16 8:22 a.m. · 6 views

CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function

The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...

CVSS 5.3 · AI score 5.4 · EPSS 0.00408
Exploits 0 · References 2
CVE
added 2025/04/16 8:22 a.m. · 60 views

CVE-2025-3104

CVE-2025-3104 affects the WP STAGING Pro WordPress Backup Plugin for WordPress (versions up to 6.1.2). The issue arises from missing capability checks in getOutdatedPluginsRequest(), enabling unauthenticated disclosure of outdated installed plugins. Impact is information exposure; CVSS 3.1 base s...

CVSS 5.3 · AI score 5.2 · EPSS 0.00408
Exploits 0 · References 2
Cvelist
added 2025/04/16 8:22 a.m. · 19 views

CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function

The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...

CVSS 5.3 · EPSS 0.00408
Exploits 0 · References 2
CNNVD
added 2025/04/11 12:0 a.m. · 2 views

WordPress plugin Eazy Plugin Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 8.7 · EPSS 0.00156
Exploits 0 · References 3
Positive Technologies
added 2025/04/07 12:0 a.m. · 3 views

PT-2025-15132 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.2 Description: The issue allows a local attacker to cause a denial of service (DoS) through an out-of-bounds read. Recommendations: For versions prior to 5.0.2, update to a version that contains a fix for this...

CVSS 3.3 · AI score 6.1 · EPSS 0.00092
Exploits 0 · References 4