OPENSUSE-SU-2026:10353-1 ruby4.0-rubygem-loofah-2.23.1-1.5 on GA media

These are all security issues fixed in the ruby4.0-rubygem-loofah-2.23.1-1.5 package on the GA media of openSUSE Tumbleweed...

CVE-2026-24555

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through = 2.23.2...

CVE-2026-24555

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through = 2.23.1...

CVE-2026-24555

CVE-2026-24555 : WordPress ArtPlacer Widget (artplacer-widget) is affected by a stored XSS due to improper input handling in the package’s web page generation. Affected product/version: ArtPlacer Widget up to and including 2.23.1. Evidence from multiple sources confirms the vulnerability and the ...

WordPress plugin ArtPlacer Widget has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

SQL Injection in the KubeClarity REST API

Summary A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID Details As it can be seen here, while building the SQL Query the fmt.Sprintf function is used to build the query string without the input having first been...

JVN#78253670: web2py development tool vulnerable to open redirect

The admin development tool included in the web2py source code contains an open redirect vulnerability CWE-601. According to the developer, they do not recommend using the tool in operational environment or disclosing it on the Internet. Impact When using the tool, a web2py user may be redirected ...

WordPress plugin Easy Smooth Scroll Links跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Easy Smooth Scroll Links plugin version prior to 2.23.1 has a cross-site scripting vulnerability that stems from the plugin'...

privacyIDEA Improper Input Validation vulnerability

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

GHSA-7QQV-R2Q4-JXHM privacyIDEA Improper Input Validation vulnerability

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

CVE-2018-1000809

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

CVE-2018-1000809

privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=&pass= to /validate/check url. This vulnerability appears to have been fixed in...

CVE-2018-1000809

CVE-2018-1000809 affects privacyIDEA 2.23.1 and earlier, with an Improper Input Validation vulnerability in the token validation API that can cause Denial-of-Service. The issue is exploitable via an HTTP request to /validate/check with crafted user and pass parameters. Versions up to 2.23.1 are i...

Yelp 2.23.1 - Invalid URI Format String

source: https://www.securityfocus.com/bid/30690/info Yelp is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit th...

Yelp 2.23.1 - Invalid URI Format String

Yelp 2.23.1 - Invalid URI Format String source: https://www.securityfocus.com/bid/30690/info Yelp is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing...