21 matches found
TencentOS Server 4: storm (TSSA-2026:0414)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0414 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2026-40557 Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
[SECURITY] Fedora 43 Update: gh-2.87.0-2.fc43
A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform vari ous actions right from the command line, eliminating the need to...
PT-2026-5491
Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.8.7 Description Navigate CMS 2.8.7 is susceptible to a cross-site request forgery condition. This allows attackers to upload malicious extensions through a specially crafted HTML page. An attacker can deceive authenticat...
PT-2025-50041
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through = 2.8.7...
PT-2025-45103
Name of the Vulnerable Software and Affected Versions Ad Inserter versions up to and including 2.8.7 Description The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is susceptible to Stored Cross-Site Scripting through a custom field via the plugin’s adinserter shortcode. Insufficient...
WordPress plugin MSN Partner Hub 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
golang security update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...
CVE-2023-5714
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sddbspecs function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...
Classroombookings 安全漏洞
Classroombookings is a Php, Mysql based school room booking system by Craig A Rodway Individual Developer. A security vulnerability exists in Classroombookings version 2.8.7, which stems from the parameter Name of the file/sessions of the component Session Page can lead to a cross-site scripting...
WordPress Plugin buddyforms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-32878
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992...
CVE-2023-5712
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdglobalvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
WordPress plugin System Dashboard security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
EMSigner Security Vulnerability
EMSigner is an electronic signature solution from EMSigner India. A security vulnerability exists in EMSigner version v2.8.7, which stems from a vulnerability that allows an attacker to gain unauthorized access to application content and view sensitive data of other users by manipulating the...
BELL-CVE-2022-28736 CVE-2022-28736 does not affect BellSoft software
Bulletin has no description...
SUSE CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...
CVE-2022-28721
creationtimestamp| type| source ---|---|--- 2022-09-26 18:36:34+00:00| seen| https://t.me/cibsecurity/50493...
CVE-2022-2870
creationtimestamp| type| source ---|---|--- 2022-08-17 22:40:30+00:00| seen| https://t.me/cibsecurity/48297...
CVE-2022-2287
creationtimestamp| type| source ---|---|--- 2022-07-03 02:40:53+00:00| seen| https://t.me/cibsecurity/45549...