12 matches found
CVE-2026-4738
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0...
CVE-2026-28352 Indico missing access check in event series management API
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...
CVE-2025-13414
CVE-2025-13414 affects the Chamber Dashboard Business Directory plugin for WordPress. The vulnerability arises from a missing capability check on the export function (cdash_watch_for_export), enabling unauthenticated attackers to export sensitive business-directory data. All versions up to and in...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses openjdk 17.0.14 and Python 3.11.11 which is vulnerable to CVEs listed in Summary.
Summary IBM Maximo Application Suite - Manage Component uses openjdk 17.0.14 which is vulnerable to CVE-2025-21587 ,CVE-2025-30698 , CVE-2025-2900 and Python 3.11.11 which is vulnerable to CVE-2025-4435,CVE- 2024-12718,CVE-2025-4330, CVE-2025-45. This bulletin contains information regarding the...
Fedora: Security Advisory (FEDORA-2024-f247f05e2e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-24385
Auth. author+ Stored Cross-Site Scripting XSS vulnerability in David Lingren Media Library Assistant plugin = 3.11 versions...
CVE-2023-3124
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...
SUSE-SU-2025:0551-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Other fixes: - Update to version 3.11.11. - Remove -IVendor/ from python-config. bsc1231795...
CVE-2023-30901
A vulnerability has been identified in SICAM P850 7KG8500-0AA00-0AA0 All versions V3.11, SICAM P850 7KG8500-0AA00-2AA0 All versions V3.11, SICAM P850 7KG8500-0AA10-0AA0 All versions V3.11, SICAM P850 7KG8500-0AA10-2AA0 All versions V3.11, SICAM P850 7KG8500-0AA30-0AA0 All versions V3.11, SICAM P8...
Tarantella Enterprise Security Bypass Access Control Vulnerability
Tarantella Enterprise is a centralized data and application management tool that provides a Web management interface and runs on most Unix and Linux platforms. A security vulnerability exists in Tarantella Enterprise versions prior to 3.11. The vulnerability can be exploited to gain access to use...
WESEEK GROWI Cross-Site Scripting Vulnerability
WESEEK GROWI is an open source team collaboration software developed by WESEEK Japan. The software features asset management, quick search and member management. A cross-site scripting vulnerability exists in WESEEK GROWI 3.1.11 and earlier versions, which can be exploited by remote attackers to...
CVE-2016-1350
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service device reload via malformed SIP messages, aka Bug ID CSCuj23293...