14 matches found
RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...
CVE-2026-10291
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...
WordPress plugin CitiLights 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Scheduled & Automatic Order Status Controller for WooCommerce plugin <= 3.7.1 - Open Redirection Vulnerability
Open Redirection Vulnerability discovered by Le Ngoc Anh in WordPress Plugin Scheduled & Automatic Order Status Controller for WooCommerce versions = 3.7.1...
VulnCheck KEV: CVE-2024-48307
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...
Elastic Cloud Enterprise 3.7.1 Security Update (ESA-2024-08)
Elastic Cloud Enterprise - Uncontrolled Resource Consumption through HTTP/2 endpoints - CVE-2023-45288 ESA-2024-08 On April 4, 2024, the Go Project announced CVE-2023-45288, which can lead to CPU exhaustion as an attacker can cause an HTTP/2 endpoint to read arbitrary amounts of header data. In t...
1E Platform SQL Injection Vulnerability
1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in 1E Platform versions prior to v8.1.2, prior to v8.4.1, prior to v9.0.1, and prior to v23.7.1 SaaS, which stems from the incorrect neutralization of special elements used in SQL...
CVE-2023-34738
Chemex through 3.7.1 is vulnerable to arbitrary file upload...
SUSE CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...
CVE-2022-3713
creationtimestamp| type| source ---|---|--- 2022-12-01 20:36:58+00:00| seen| https://t.me/cibsecurity/53778 2022-12-07 10:30:06+00:00| exploited| https://t.me/truesecator/3794...
WordPress plugin Phone Orders for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-37153
creationtimestamp| type| source ---|---|--- 2022-08-24 16:27:36+00:00| seen| https://t.me/cibsecurity/48640 2022-08-25 15:01:03+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6670 2025-09-17 21:02:39+00:00| seen|...
PT-2019-11610 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7.1 Moodle versions prior to 3.6.5 Moodle versions prior to 3.5.7 Description: A flaw was found in the XML loading/unloading admin tool where a sesskey CSRF token was not being utilized. Recommendations: For version...
PT-2018-2307
Name of the Vulnerable Software and Affected Versions Sprockets versions 4.0.0.beta7 and lower Sprockets versions 3.7.1 and lower Sprockets versions 2.12.4 and lower Description The issue is related to errors in request processing, allowing a remote attacker to read files outside an application's...