CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

CVE-2025-12352

The CVE-2025-12352 issue affects the WordPress Gravity Forms plugin, specifically versions up to and including 2.9.20. The vulnerability arises from missing file type validation in the copy_post_image() function, allowing unauthenticated attackers to upload arbitrary files to the affected site’s ...

CVE-2025-12352 Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

Linux Distros Unpatched Vulnerability : CVE-2021-33798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute v...

Linux Distros Unpatched Vulnerability : CVE-2021-20307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Format string vulnerability in panoFileOutputNamesCreate in libpano13 2.9.20rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values...

CVE-2023-28986

Cross-Site Request Forgery CSRF vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin = 2.9.20 versions...

CVE-2021-33798

A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...

UBUNTU-CVE-2021-33798

A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file...

Affiliates Manager < 2.9.21 - Cross-Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin = 2.9.20 versions...

libpano13: Format string vulnerability

Background libpano13 is Helmut Dersch’s panorama toolbox library. Description A format string issue exists within panoFileOutputNamesCreate where unvalidated input is passed directly into the formatter. Impact A remote attacker could entice a user to open a specially crafted file using libpano1...

Moderate: Red Hat Security Advisory: Ansible security update (2.9.20)

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...

CVE-2011-0530

Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device nbd before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression...