EUVD-2016-10896

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

CVE-2016-20084

Summary: CVE-2016-20084 affects WordPress plugin “appointment-booking-calendar” version 1.1.24. The description reports multiple privilege-escalation XSS vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent JavaScript via admin.php parameters. Inj...

CVE-2016-20074

CVE-2016-20074 affects WordPress the Lazy Content Slider Plugin version 3.4. The issue is a CSRF that lets an attacker trick authenticated admins into submitting POST requests to lzcs_admin.php to alter plugin settings such as lzcs_color and lzcs_count. The vulnerability arises from insufficient ...

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

CVE-2016-20074 WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

EUVD-2016-10886

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

CVE-2026-34030

The CVE concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) where branch code validation is insufficient during new-branch creation. The branch code is later used in functions that generate filesystem paths for uploaded files, profile pictures, and settings. An authenticat...

CVE-2026-34030 Improper branch-code validation in Wertheim SafeController Software allows file path manipulation

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

CVE-2026-34030 Improper branch-code validation in Wertheim SafeController Software allows file path manipulation

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

PT-2026-49222

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

PT-2026-49201

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

GeoVision LPC2011/LPC2211 DdnsSetting.cgi OS command injection vulnerability

Summary A OS command injection vulnerability exists in the DdnsSetting.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. Confirmed...

PT-2026-49212

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs...

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2026:2315-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2315-1 advisory. This update for kubernetes1.23 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...

SUSE SLES15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2372-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2372-1 advisory. This update for google-cloud-sap-agent fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport...

CVE-2026-54357

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVE-2026-50560

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

UBUNTU-CVE-2026-50560

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...