22 matches found
WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WineShop versions <= 3.17...
CVE-2026-39969
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
EUVD-2024-52476
Malicious code in bioql PyPI...
GitHub Enterprise Server security vulnerability
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server version...
CVE-2024-54353
Cross-Site Request Forgery (CSRF) vulnerability in wpgear Hack-Info hack-info allows Stored XSS. This issue affects Hack-Info: from n/a through <= 3.17...
SUSE-SU-2024:2298-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: openCryptoki was updated to version 3.17.0 (bsc#1220266, bsc#1219217) + openCryptoki 3.17 - tools: added function to list keys to p11sak - common: added support for OpenSSL 3.0 - common: added support for event notifications - ICA: added SW...
CVE-2024-5544
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress Media Library Assistant plugin <= 3.17 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Le Ngoc Anh in WordPress Plugin Media Library Assistant versions <= 3.17...
WordPress Media Library Assistant Plugin <= 3.17 is vulnerable to Cross Site Scripting (XSS)
Software: Media Library Assistant. Type: Plugin. Vulnerable versions: <= 3.17. Fixed in: 3.18. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-5544. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: 1feab5b6d22c. Credits: Le Ngoc Anh...
CVE-2024-26306 affecting package iperf3 for versions less than 3.17-1
CVE-2024-26306 affecting package iperf3 for versions less than 3.17-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-7250 affecting package iperf3 for versions less than 3.17-1
CVE-2023-7250 affecting package iperf3 for versions less than 3.17-1. An upgraded version of the package is available that resolves this issue...
GSD-2022-1004059 wifi: mac80211: fix use-after-free in chanctx code
wifi: mac80211: fix use-after-free in chanctx code. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.318 by commit...
GSD-2022-1002762 Bluetooth: use hdev lock for accept_list and reject_list in conn req
Bluetooth: use hdev lock for accept_list and reject_list in conn req. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...
GSD-2022-1000803 net-timestamp: convert sk->sk_tskey to atomic_t
net-timestamp: convert sk->sk_tskey to atomic_t. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.26 by commit...
UVI-2021-1000525 Bluetooth: SMP: Fail if remote and local public keys are identical
Bluetooth: SMP: Fail if remote and local public keys are identical. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.234 by commit...
CVE-2017-12626
Apache POI in versions prior to release 3.17 is vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)...
Linux kernel ALSA subsystem denial of service vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'snd_compress_check_input' function in the sound/core/compress_offload.c file in the ALSA subsystem of the Linux kernel prior to version 3.1...
Sniggabo CMS 3.17 Cross Site Scripting
Sniggabo CMS v. 3.17 - Cross Site Scripting Vulnerability My + Author : KnocKout Contact : [email protected] onlymail HomePage : http://h4x0resec.blogspot.com - http://Cyber-warrior.org Software info |Web App. : Sniggabo CMS | Version : v. 3.17 New version |Software Official Website:...
PT-2012-4698 · Linux +2 · Linux Diskquota +2
Name of the Vulnerable Software and Affected Versions: Linux DiskQuota (aka quota) versions prior to 3.17. Description: The issue concerns the good_client function in rquotad, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny. This occurs because the hosts_ctl function is...