OPENSUSE-SU-2026:10643-1 php-composer2-2.9.7-1.1 on GA media

These are all security issues fixed in the php-composer2-2.9.7-1.1 package on the GA media of openSUSE Tumbleweed...

EUVD-2025-206105

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

CVE-2025-12362 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

Fedora 42 : tinygltf (2025-ac8ed4a110)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ac8ed4a110 advisory. Update to 2.9.7 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora: Security Advisory (FEDORA-2025-ac8ed4a110)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 43 Update: tinygltf-2.9.7-1.fc43

TinyGLTF is a header only C++11 glTF 2.0 library...

CVE-2025-8416

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-8416 Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-8416

CVE-2025-8416 affects the WordPress Plugin Product Filter by WBW. All versions up to 2.9.7 are vulnerable to unauthenticated SQL injection via the filtersDataBackend parameter due to insufficient input escaping and inadequate SQL query preparation. The issue allows attackers to append additional ...

EUVD-2020-0011

Malware in sbrugna...

EUVD-2017-16584

Malware in sbrugna...

libxml2 security update

2.9.7.21.3 - Fix CVE-2025-32415 RHEL-100177 2.9.7.21.2 - Fix CVE-2025-7425 RHEL-102797 2.9.7-21.1 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398 - Fix CVE-2025-49796 RHEL-96424...

libxml2 security update

2.9.7-20 - Fix CVE-2025-32414 RHEL-88198...

CVE-2024-32690

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7...

CVE-2023-38974

A stored cross-site scripting XSS vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

CVE-2021-25103

The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the urladdon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires...

CVE-2024-8668

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input...

PT-2024-39166 · WordPress · The Shoplentor

Name of the Vulnerable Software and Affected Versions: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution plugin for WordPress versions up to, and including, 2.9.7 Description: The issue is related to Stored Cross-Site Scripting via the tooltip and...

PT-2024-24777 · Unknown · Fahad Mahmood Rss Feed Widget

Name of the Vulnerable Software and Affected Versions: Fahad Mahmood RSS Feed Widget versions 2.9.7 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can injec...