17 matches found
OPENSUSE-SU-2026:10952-1 sshfs-3.7.6-1.1 on GA media
These are all security issues fixed in the sshfs-3.7.6-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2026-23306
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...
River Past Cam Do Code Issue Vulnerability
River Past Cam Do is a multimedia tool software for screen recording and video capture, developed by FlexHEX. Version 3.7.6 of River Past Cam Do contains a code vulnerability. This vulnerability stems from a local buffer overflow in the activation code input field, which could allow local attacke...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000823)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000823 advisory. The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted...
EUVD-2022-5647
Malicious code in bioql PyPI...
TastyIgniter Security Vulnerability
TastyIgniter is open-source online ordering software from TastyIgniter. A security vulnerability exists in TastyIgniter version 3.7.6, which stems from improper access control of the indexonUpdateStatus function in the Orders Management System, which could result in an unauthorized user updati...
CVE-2024-37358
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations. Version 3.7.6 and 3.8.2 restrict such illegitimate...
GHSA-56JP-W6VW-J3JW Apache James vulnerable to denial of service through the use of IMAP literals
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations. Version 3.7.6 and 3.8.2 restrict such illegitimate...
CVE-2024-37358
Technical details about CVE-2024-37358 (affected software, impact, and fixes) are not provided in the connected documents. Monitor for updates.
CVE-2024-37358 Apache James: denial of service through the use of IMAP literals
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations. Version 3.7.6 and 3.8.2 restrict such illegitimate...
WordPress WP Product Review Lite plugin <= 3.7.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sucuri in WordPress WP Product Review Lite plugin versions <= 3.7.5. Solution: Update the WordPress WP Product Review Lite plugin to the latest available version (at least 3.7.6)...
MGASA-2020-0055 Updated python3 packages fix security vulnerabilities
The python3 package has been updated to version 3.7.6, which fixes security issues and other bugs. See the upstream changelog for details...
LiveChat <= 3.7.2 - Unauthenticated Option Update/Reset and Stored XSS
The lack of proper CSRF and Authorisation checks could allow an unauthenticated attacker to update or reset the plugin's settings. Furthermore, when updating the livechatemail option, no sanitisation is performed, leading to a Stored XSS issue in the plugin's settings page. CSRF and XSS fixed in...
CVE-2017-17792
Cross-site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...
CVE-2017-17794
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...
BlogoText 'validate_form_preferences' function access restriction bypass vulnerability
BlogoText is a lightweight SQLite blogging engine. An access restriction bypass vulnerability exists in the 'validate_form_preferences' function in the admin/preferences.php file in BlogoText 3.7.6 and earlier versions. An attacker can exploit this vulnerability to bypass access restrictions...
WordPress < 3.7.6 / 3.8.6 / 3.9.4 / 4.1.2 Multiple Vulnerabilities
According to its version number, the WordPress application running on the remote web server is potentially affected by multiple vulnerabilities: - An unspecified flaw exists that allows an attacker to upload arbitrary files with invalid or unsafe names. Note that this only affects versions 4.1 a...