Astra Linux - уязвимость в libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed input stream. However, no users are affected as long ...

EUVD-2026-31034

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

WordPress plugin os-diagnosis-generator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Astra Linux - уязвимость в libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to allocate 100% of the CPU resources on the target system, depending on the CPU type or the parallel execution of certain payloads. This...

Astra Linux - уязвимость в libxstream-java

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

Astra Linux - уязвимость в libxstream-java

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

Astra Linux - уязвимость в libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to request data from internal resources that were not publicly available, by manipulating the processed input stream. No users are affecte...

CVE-2026-28047

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

EUVD-2026-9707

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

CVE-2026-28047 WordPress Victo theme <= 1.4.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

CVE-2026-28047

CVE-2026-28047 affects the Victo WordPress theme (Victo

CVE-2026-28047 WordPress Victo theme <= 1.4.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

PT-2026-23327

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

CVE-2025-68002

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a through = 1.4.16...

CVE-2025-68002

CVE-2025-68002 affects WordPress plugin Open User Map (&lt;= 1.4.16). The issue is path traversal allowing arbitrary file download. Wordfence reports this as an active vulnerability with patched status; PatchStack notes the vulnerability as Open User Map

CVE-2025-68002 WordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a through = 1.4.16...

PT-2026-21068

Name of the Vulnerable Software and Affected Versions 100plugins Open User Map versions through 1.4.16 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as Path Traversal. This allows unauthorized access to files and...

WordPress plugin Open User Map 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Open User Map versions = 1.4.16...

BIT-ACTIVEMQ-2021-21349 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...