AlmaLinux 9 : gstreamer1-plugins-bad-free (ALSA-2025:8183)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8183 advisory. GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-3887 Tenable has extracted the preceding descripti...

Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2025-8201)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8201 advisory. 1.16.1-5.0.1 - Update origin URL Orabug: 36209826 1.16.1-5 - fix for CVE-2025-3887 Resolves: RHEL-93051 Tenable has extracted the preceding description block...

AlmaLinux 8 : gstreamer1-plugins-bad-free (ALSA-2025:8201)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8201 advisory. GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-3887 Tenable has extracted the preceding descripti...

CLSA-2025-1748001706 gstreamer1-plugins-good: Fix of CVE-2024-47774

CVE-2024-47774: fix an integer overflow in the AVI subtitle parser that can lead to out-of-bounds reads and can cause crashes for certain input files...

CVE-2025-0874

A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Affected by this issue is some unknown functionality of the file /admin/approve.php. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVE-2025-24709

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions plethora-tabs-accordions allows Stored XSS.This issue affects Plethora Plugins Tabs + Accordions: from n/a through = 1.1.5...

CLSA-2025-1747998930 gstreamer1-plugins-base: Fix of CVE-2024-47600

CVE-2024-47600: fixed out-of-bounds read in the gst-discoverer-1.0 command-line tool that could cause crashes...

CVE-2024-49593

In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...

CVE-2024-0881

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

CVE-2024-32455

Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2...

CVE-2024-31279

Cross-Site Request Forgery CSRF vulnerability in Catch Plugins Generate Child Theme.This issue affects Generate Child Theme: from n/a through 2.0...

CVE-2024-32084

Cross-Site Request Forgery CSRF vulnerability in Gold Plugins Before And After.This issue affects Before And After: from n/a through 3.9...

CVE-2024-28394

An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module...

CVE-2024-24838

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5...

CVE-2024-22150

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1...

CVE-2024-12077

The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendarid’ parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-6332

The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it...

CVE-2024-30528

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10...

CVE-2024-35162

Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switchthemes" privilege may obtain arbitrary files on the server...

CVE-2024-47311

Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through = 1.1.8...