44 matches found
Security update for zabbix
This update for zabbix fixes the following issues: CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using alert.get...
SUSE-SU-2026:0483-1 Security update for zabbix
This update for zabbix fixes the following issues: - CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 - CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using...
EUVD-2011-2871
Malware in sbrugna...
EUVD-2004-1031
Malware in sbrugna...
EUVD-2024-1259
Malicious code in bioql PyPI...
EUVD-2025-7181
Malicious code in bioql PyPI...
EUVD-2024-2881
Malicious code in bioql PyPI...
CVE-2025-54656
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
PT-2025-27617 · WordPress · All-In-One Addons For Elementor – Widgetkit
Name of the Vulnerable Software and Affected Versions: All-in-One Addons for Elementor – WidgetKit plugin for WordPress versions up to, and including, 2.5.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'button+modal' widget due to insufficient input sanitizati...
PT-2025-27596 · WordPress · Magic Buttons For Elementor
Name of the Vulnerable Software and Affected Versions: Magic Buttons for Elementor plugin for WordPress versions prior to 1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...
PT-2025-25478 · WordPress · Kk Youtube Video
Name of the Vulnerable Software and Affected Versions: kk Youtube Video plugin for WordPress versions up to, and including, 0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-24892 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions 13.1.9 Description: A stored cross-site scripting (XSS) issue in the Project Dashboards allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Dashboard title and Dashboard...
PT-2025-24039 · WordPress · Bns Featured Category
Name of the Vulnerable Software and Affected Versions: BNS Featured Category plugin for WordPress versions up to, and including, 2.8.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-23586 · WordPress · The Newsletter
Name of the Vulnerable Software and Affected Versions: The Newsletter WordPress plugin versions prior to 8.8.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, i...
PT-2025-23280 · WordPress · La-Studio Element Kit For Elementor
Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to, and including, 1.5.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...
PT-2025-22907 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 5.4.0 Description: The issue is related to Stored Cross-Site Scripting via HTML attributes in Slider and Post...
CVE-2024-4354
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make web request...
CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected...
PT-2025-22338 · WordPress · Dpepress
Name of the Vulnerable Software and Affected Versions: DPEPress plugin for WordPress versions up to, and including, 0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2025-21789 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar plugin for WordPress versions up to, and including, 10.11.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpbc shortcode due to insufficient input sanitization and output escaping on...