32 matches found
Astra Linux - vulnerability in tar
A flaw was discovered in the src/list.c file of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The greatest threat posed by this vulnerability is to system availability...
CVE-2026-25235
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...
Fedora 44 : kubernetes1.33 (2025-fe1d8025b0)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fe1d8025b0 advisory. Automatic update for kubernetes1.33-1.33.6-1.fc44. Changelog Thu Nov 13 2025 Bradley G Smith - 1.33.6-1 - Update to release v1.33.6 - Resolves:...
EUVD-2025-7977
Malicious code in bioql PyPI...
Fedora: Security Advisory (FEDORA-2025-51e8d5ec56)
The remote host is missing an update for the...
Fedora 42 : kubernetes1.33 (2025-409ed32016)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-409ed32016 advisory. - Update to release v1.33.4 - Resolves: rhbz2388412 - Fixes CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - Upstream fixes Tenable h...
CVE-2014-8673
Multiple SQL vulnerabilities exist in planning.php, userlist.php, projets.php, usergroupes.php, and groupelist.php in Simple Online Planning SOPPlanning before 1.33...
WordPress Easy 301 Redirects plugin <= 1.33 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Easy 301 Redirects versions <= 1.33...
WordPress plugin Easy 301 Redirects cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-45355
Auth. admin+ SQL Injection SQLi vulnerability in ThimPress WP Pipes plugin <= 1.33 versions...
CVE-2024-5582
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attribute...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.33 is vulnerable to Cross Site Scripting (XSS)
Software: Schema & Structured Data for WP & AMP; Type: Plugin; Vulnerable versions: <= 1.33; Fixed in: 1.34.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5582; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6eff26d1a4e3; Credits...
CVE-2023-47828
Missing Authorization vulnerability in Mandrill wpMandrill. This issue affects wpMandrill: from n/a through 1.33...
PT-2023-26196 · Macstadium +1 · Jenkins Orka By Macstadium Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Orka by MacStadium Plugin versions 1.33 and earlier Description: A missing permission check in the Jenkins Orka by MacStadium Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using...
WordPress Plugin WP Pipes SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read. A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this...
CVE-2019-15124
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33...
MediaWiki MobileFrontend extension cross-site scripting vulnerability
MediaWiki is a free, web-based wiki engine from the US-based Wikimedia Foundation. The product can be used to deploy in-house knowledge management and content management systems. The MobileFrontend extension is one of its mobile front-end extensions. A cross-site scripting...