9 matches found
CVE-2025-13126
The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the postargs and topicargs parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
ALPINE-CVE-2025-58060
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
CVE-2025-58364 cups: Remote DoS via null dereference
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local...
CVE-2025-58060 cups has Authentication bypass with AuthType Negotiate
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
WordPress Easy Custom Auto Excerpt plugin <= 2.4.12 - Sensitive Information Exposure vulnerability
Sensitive Information Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin Easy Custom Auto Excerpt versions <= 2.4.12...
SUSE CVE-2011-3372
imap/nntpd.c in the NNTP server nntpd for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command...
ALPINE-CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
PT-2021-3932 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12. Description: The issue exists in the telnet form.php script functionality, allowing for cross-site scripting vulnerabilities. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code...
Wireshark Null Pointer Dereference Vulnerability (CNVD-2019-18501)
Wireshark, formerly known as Ethereal, is a network packet analyzer developed by the Wireshark team. The software intercepts network packets and displays detailed data for analysis. A null pointer dereference vulnerability exists in the TCAP parser in Wireshark versions...