EUVD-2026-31485
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
CVE-2026-34413
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...
CVE-2024-39915
Thruk is a multi-backend monitoring web interface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application...
Important: Red Hat Security Advisory: Red Hat Quay 3.16.0
Red Hat Quay 3.16.0 is now available with bug fixes. Quay 3.16.0...
CVE-2024-39915
Thruk (multi-backend monitoring web interface) is affected by CVE-2024-39915 via an authenticated remote code execution vulnerability. An authorized user with network access can exploit the vulnerability by injecting arbitrary commands through the URL parameter during PDF report generation, trigger...
WordPress Media Library Assistant plugin <= 3.16 - Authenticated SQL Injection vulnerability
Authenticated SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Media Library Assistant versions <= 3.16...
WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to SQL Injection
Software: Media Library Assistant. Type: Plugin. Vulnerable versions: <= 3.15. Fixed in: 3.16. OWASP Top 10: A1: Injection. Classification: SQL Injection. CVE: CVE-2024-3518. Patch priority: Low. CVSS severity: Low 8.5. Developer: Claim ownership. PSID: fe78e3bb0aff. Credits: Thanh Nam Tran. Required privilege: Contributo...
WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to Cross Site Scripting (XSS)
Software: Media Library Assistant. Type: Plugin. Vulnerable versions: <= 3.15. Fixed in: 3.16. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-3519. Patch priority: Medium. CVSS severity: Medium 7.1. Developer: Claim ownership. PSID: f2ec0a790f20. Credits: Le Ngoc Anh...
CVE-2022-4526
A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption...
PYSEC-2022-43061
CVE-2022-4526 django-photologue Default Template photo_detail.html cross site scripting
PT-2022-35048 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.16 through 6.0.2. Description: The issue is related to a reference leak in the of_dra7_atl_clk_probe function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...
GSD-2022-1004710 cgroup: Use separate src/dst nodes when preloading css_sets for migration
cgroup: Use separate src/dst nodes when preloading css_sets for migration. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.207 by commit...
GSD-2022-1004585 cgroup: Use separate src/dst nodes when preloading css_sets for migration
cgroup: Use separate src/dst nodes when preloading css_sets for migration. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.132 by commit...
GSD-2021-1002623 net: systemport: Add global locking for descriptor lifecycle
net: systemport: Add global locking for descriptor lifecycle. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.294 by commit...
NVIDIA GeForce Experience Elevation of Privilege Vulnerability
NVIDIA GeForce Experience for Windows is a set of automatic update tools for Windows-based graphics cards from NVIDIA. A security vulnerability exists in versions of NVIDIA GeForce Experience prior to 3.16 for Windows 7. A local attacker can exploit this vulnerability to gain elevated privileges...
NVIDIA GeForce Experience Information Disclosure Vulnerability (CNVD-2018-26670)
NVIDIA GeForce Experience for Windows is a set of automatic update tools for Windows-based graphics cards from NVIDIA. A security vulnerability exists in NVIDIA GeForce Experience for Windows prior to version 3.16. A local attacker could exploit this vulnerability to obtain information...
Symantec Norton Mobile Security for Android Denial of Service Vulnerability
Symantec Norton Mobile Security for Android is security software from Symantec, Inc. (United States) for mobile devices running the Android platform. A denial of service vulnerability exists in versions of Symantec Norton Mobile Security for Android prior to 3.16...
Libreswan IKEv1 Protocol Denial of Service Vulnerability
Libreswan is an IPsec implementation, forked from Openswan and developed by Paul Wouters, used to protect the confidentiality and integrity of data in transit. A denial of service vulnerability exists in the IKEv1 protocol handling in Libreswan version 3.16. An attacker is allowed to explo...