4 matches found
SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for apache-commons-io (SUSE-SU-SUSE-RU-2025:1150-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:1150-1 advisory. apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: Clean...
CVE-2024-12313
The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woocomparelist' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
OS Command Injection
mechanize is vulnerable to OS command injection. The Kernel.open method could be used to inject and execute arbitrary OS commands invoked through several class methods. Exploitation is possible when untrusted input is used as a local filename and is passed to the affected functions...