
8321 matches found

vulnersOsv
added 2025/03/20 12:32 p.m. | 4 views

ai-dynamo (>=0.1.0 <=0.3.0), bento-sgl-router (>=0.0.1 <=0.0.6) +32 more potentially affected by CVE-2024-9056 via bentoml (>=0.10.1 <=1.4.8)

bentoml PYPI version =0.10.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.2.3, =0.1.0, =0.0.1, =0.0.10, =0.1.0, =0.2.0, =0.0.5, =0.1.1 - fusionmllib =0.1.0 - kazemlstack =0.1.0 and more Source cves: CVE-2024-9056 Source advisory: SNYK:PYTHON-BENTOML-9508724...

CVSS 7.5 | AI score 7.1 | EPSS 0.00664 | Exploits 0

OSV
added 2025/03/20 10:57 a.m. | 2 views

SUSE-SU-2025:20241-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket bsc1234415. - CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser bsc1234450. - CVE-2024-47600: Fixed Out-of-bounds read in...

CVSS 9.8 | AI score 7.4 | EPSS 0.01298 | Exploits 2 | References 15

NVD
added 2025/03/19 7:15 a.m. | 7 views

CVE-2024-13410

The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajaxhandler' function. This makes it possible for...

CVSS 9.8 | EPSS 0.00703 | Exploits 0 | References 3

Tenable Nessus
added 2025/03/19 12:0 a.m. | 8 views

RockyLinux 9 : gstreamer1-plugins-base (RLSA-2024:11123)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:11123 advisory. gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbishandleidentificationpacket CVE-2024-47538 gstreamer1-plugins-base: out-of-bounds...

CVSS 9.8 | AI score 7.9 | EPSS 0.01237 | Exploits 0 | References 7

Rockylinux
added 2025/03/17 8:16 p.m. | 3 views

containernetworking-plugins security update

An update is available for containernetworking-plugins. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Container Network Interface CNI project consists of a...

CVSS 7.5 | AI score 8.4 | EPSS 0.01127 | Exploits 0

OSV
added 2025/03/17 8:16 p.m. | 11 views

RLSA-2024:11122 Important: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer1-plugins-good: uninitialized stack memory in...

CVSS 9.8 | AI score 7 | EPSS 0.01344 | Exploits 0 | References 6

Rockylinux
added 2025/03/17 8:16 p.m. | 6 views

dnf-plugins-core bug fix and enhancement update

An update is available for dnf-plugins-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

AI score 6.8 | Exploits 0

OpenVAS
added 2025/03/17 12:0 a.m. | 10 views

Huawei EulerOS: Security Advisory for gstreamer1-plugins-base (EulerOS-SA-2025-1263)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.8 | EPSS 0.01298 | Exploits 2 | References 2

OpenVAS
added 2025/03/17 12:0 a.m. | 13 views

Huawei EulerOS: Security Advisory for gstreamer1-plugins-base (EulerOS-SA-2025-1264)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.8 | EPSS 0.01298 | Exploits 2 | References 2

Fedora
added 2025/03/15 12:50 a.m. | 13 views

[SECURITY] Fedora 42 Update: nextcloud-31.0.0-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS 6.1 | AI score 7.3 | EPSS 0.00565 | Exploits 0

Fedora
added 2025/03/15 12:50 a.m. | 22 views

[SECURITY] Fedora 42 Update: OpenImageIO-2.5.16.0-6.fc42

OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...

CVSS 8.1 | AI score 7.4 | EPSS 0.01692 | Exploits 2

RedhatCVE
added 2025/03/14 3:46 p.m. | 8 views

CVE-2025-28887

Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through = 0.1.3...

CVSS 4.3 | AI score 7.2 | EPSS 0.00158 | Exploits 0 | References 1

Wordfence Blog
added 2025/03/13 2:48 p.m. | 39 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS 5.1 | AI score 9.7 | EPSS 0.30484 | Exploits 16

Packet Storm
added 2025/03/12 12:0 a.m. | 451 views

WordPress Bit File Manager 6.5.5 Race Condition / Code Injection

WordPress Bit File Manager plugin version 6.5.5 proof of concept race condition exploit that achieves remote code execution. | Title : WordPress Bit File...

CVSS 8.1 | AI score 7.9 | EPSS 0.02802 | Exploits 3

NVD
added 2025/03/11 9:15 p.m. | 11 views

CVE-2025-28887

Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through = 0.1.3...

CVSS 4.3 | EPSS 0.00158 | Exploits 0 | References 1

CVE
added 2025/03/11 9:0 p.m. | 47 views

CVE-2025-28887

CVE-2025-28887 describes a Cross-Site Request Forgery (CSRF) vulnerability in WordPress plugin Plugins Last Updated Column (Last Updated Column) affecting versions up to and including 0.1.3. The issue is reported by multiple sources (NVD, CVE list, Patchstack) with a CVSS v3.1 base score of 4.3 ...

CVSS 4.3 | AI score 7.2 | EPSS 0.00158 | Exploits 0 | References 1

Cvelist
added 2025/03/11 9:0 p.m. | 17 views

CVE-2025-28887 WordPress Plugins Last Updated Column plugin <= 0.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through = 0.1.3...

CVSS 4.3 | EPSS 0.00158 | Exploits 0 | References 1

VulnCheck KEV
added 2025/03/11 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2024-9593

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute...

CVSS 8.3 | AI score 5.9 | EPSS 0.12491 | Exploits 1 | References 1

vulnersOsv
added 2025/03/10 9:7 p.m. | 3 views

com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.4.10 <=1.4.11) +27 more potentially affected by CVE-2025-0604 via org.keycloak:keycloak-ldap-federation (>=1.0-beta-4 <=26.0.1)

org.keycloak:keycloak-ldap-federation MAVEN version =1.0-beta-4, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =2.5.6-24.0, =0.1.0, =0.2, =1.0-beta-4, =26.0.1 and more Source cves: CVE-2025-0604 Source advisory: OSV:GHSA-2P82-5WWR-43CW...

CVSS 5.4 | AI score 5.9 | EPSS 0.00563 | Exploits 0

RedhatCVE
added 2025/03/07 9:52 a.m. | 5 views

CVE-2024-5667

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library versions 1.7.13 to 1.7.14 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 6 | EPSS 0.00299 | Exploits 0 | References 1