11 matches found
CVE-2026-2437
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wtetriptax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...
Linux Distros Unpatched Vulnerability : CVE-2026-28804
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long...
CVE-2026-28804
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...
CVE-2026-28804
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...
CVE-2026-28804
CVE-2026-28804 affects pypdf prior to 6.7.5. A crafted PDF that uses the /ASCIIHexDecode filter can cause long runtimes (DoS) when decoding streams. This vulnerability is resolved by upgrading to pypdf 6.7.5 or later, as noted in multiple sources (NVD/NIST entry, IBM Watson Discovery Cartridge ad...
pypdf 安全漏洞
pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.7.5, pypdf had a security vulnerability. This vulnerability stemmed from the use of the /ASCIIHexDecode filter when accessing...
WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Consulting versions 6.7.5...
CVE-2022-2675
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 using firmware version 0.1.35 can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1...
PT-2021-3164
Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.x before 2.6.7.5 Description The issue is related to the interaction between serialization gadgets and typing, specifically with the...
CVE-2018-7066
An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the...
b2evolution HTML Injection Vulnerability
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. An HTML injection vulnerability exists in b2evolution 6.7.5 and earlier versions, which stems from the program's failure to adequately filter user-submitted input. When a user browses the...