27 matches found
PT-2026-52386
Name of the Vulnerable Software and Affected Versions MainWP Child versions prior to 6.1.2 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 6.1.1...
CVE-2026-1165
CVE-2026-1165 affects Popup Box for WordPress up to version 6.1.1. The vulnerability is a Cross-Site Request Forgery due to a flawed nonce implementation in publish_unpublish_popupbox that validates a self-created nonce instead of the request nonce, enabling unauthenticated attackers to change po...
CVE-2025-68493
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...
EUVD-2025-206236
vega-functions vulnerable to Cross-site Scripting via setdata function...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-54745
CVE-2025-54745 concerns a Missing Authorization vulnerability in miniOrange’s Google Authenticator WordPress plugin (miniorange-2-factor-authentication) up to version 6.1.1. Connected sources confirm a Broken Access Control/Incorrectly Configured Access Control vulnerability affecting the plugin ...
CVE-2025-54745 WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through = 6.1.1...
CVE-2025-39841 affecting package kernel for versions less than 6.6.112.1-1
CVE-2025-39841 affecting package kernel for versions less than 6.6.112.1-1. A patched version of the package is available...
CVE-2025-54560
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure...
PT-2025-46987
Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A flaw exists in the Application Server of Desktop Alert PingAlert that can lead to the disclosure of technical information via stack traces. Recommendations Update to a...
AZL-64395 CVE-2025-38087 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in tapriodevnotifier Since taprio’s tapriodevnotifier isn’t protected by an RCU read-side critical section, a race with advancesched can lead to a use-after-free. Adding rcureadlock inside...
CVE-2017-11197
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option...
DTEX DEC-M 安全漏洞
DTEX DEC-M is a unified internal risk management platform from DTEX Corporation. A security vulnerability exists in DTEX DEC-M version 6.1.1, which stems from a lack of proper logical validation, and allows an attacker to elevate privileges to root via an unauthorized client connection using the...
FFmpeg 安全漏洞
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg n6.1.1, which can be exploited by a remote attacker to submit a special file and trick the user into parsing it, which can crash the...
AZL-55715 CVE-2024-53170 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blkmqclearflushrqmapping is not called during scsi probe, by checking blkqueueinitdone. However, QUEUEFLAGINITDONE is cleared in delgendisk by commit aec89dc5d421 "block: keep...
DEBIAN-CVE-2024-35367
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dspaltivec.c, static const vecs8 hsubpelfiltersouter...
Astra Linux – Vulnerability in ffmpeg
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library, which allows for an integer overflow. This could potentially lead to a denial-of-service DoS attack or other undefined behaviors...
RTI Connext Professional 安全漏洞
RTI Connext Professional is a connectivity platform from RTI USA designed to meet the demanding requirements of the Industrial Internet of Things IIoT. A security vulnerability exists in RTI Connext Professional versions 5.3.1 through prior to 6.1.1, which stems from the presence of a buffer...
PT-2022-7658 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.1 Description: The vulnerability is related to a buffer overflow issue in the vivid component of the Linux kernel. It occurs due to a failure to check boundaries after adjusting the compose height in the V4L...
WordPress plugin Cimy Header Image Rotator 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Cimy Header Image Rotator plugin 6.1.1 and earlier versions are vulnerable to cross-site...