RHCOS 4 : OpenShift Container Platform 4.11.1 (RHSA-2022:6102)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6102 advisory. - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629). Note that Nessus has not tested for this issue but has instead...
Chatwoot Security Vulnerability
Chatwoot is an open-source customer engagement application developed by the Chatwoot project. It serves as an alternative to proprietary solutions such as customer engagement suites, Intercom, Zendesk, and Salesforce Service Cloud. Chatwoot versions 4.11.1 and earlier contain security vulnerabilities, which stem...
CVE-2026-1781 MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...
CVE-2026-29192 ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0...
CVE-2026-29192
Technical details for CVE-2026-29192 are not provided in the connected documents. No specifics on affected products beyond Zitadel 4.0.0–4.11.1 or remediation beyond patch to 4.12.0. Monitor for official advisories and updates.
CVE-2026-27946
ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...
CVE-2026-27945 ZITADEL has potential SSRF via Actions
ZITADEL is an open source identity management platform. Zitadel Action V2, introduced as an early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0, is a webhook-based approach that allows developers to act on API requests to Zitadel and customize flows such as the issuance of a token. Zitadel's Action target URLs...
Improper Request Caching Lookup in the Auth0 Next.js SDK
Description: When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...
CVE-2025-43515
The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...
PT-2025-43407
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.11.1 Description: FastGPT is a platform for building AI Agents. Versions of FastGPT before 4.11.1 contain a Server-Side Request Forgery (SSRF) issue in the workflow file reading node. The system does not verify the...
CVE-2021-32202
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page...
WordPress Hotel Booking Lite Plugin <= 4.11.1 is vulnerable to PHP Object Injection
Software: Hotel Booking Lite. Type: Plugin. Vulnerable versions: <= 4.11.1. Fixed in: 4.11.2. OWASP Top 10: A1: Injection. Classification: PHP Object Injection. CVE: CVE-2024-4413. Patch priority: High. CVSS severity: High (9). PSID: f9d7cef7773f. Credits: Trinh Vu (Sonicrrrr). Required privilege...
PT-2023-14727 · Sleuth Kit · Sleuthkit
Name of the Vulnerable Software and Affected Versions: sleuthkit fls tool version 4.11.1 Description: The issue allows attackers to execute arbitrary commands via a crafted value to the m parameter. This is an OS Command injection vulnerability. Note that there is a dispute regarding the impact o...
Jenkins Git Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
PT-2022-20401 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.1 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enables...
PT-2022-16834 · Weblate · Weblate
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 4.11.1 Description: Weblate is a web-based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them...
Linux kernel elevation of privilege vulnerability (CNVD-2017-243541)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'sanity_check_raw_super' function in the fs/f2fs/super.c file in versions of Linux kernel prior to 4.11.1. A local attacker could exploit...
Linux kernel denial of service vulnerability (CNVD-2017-07507)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'sctp_v6_create_accept_sk' function in the net/sctp/ipv6.c file in Linux kernel versions 4.11.1 and earlier, which stems from the...
Linux kernel denial of service vulnerability (CNVD-2017-07555)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the NFSv4 implementation process in Linux kernel 4.11.1 and earlier versions. A local attacker could exploit this vulnerability to...
PT-2017-2224 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue is related to the implementation of IPv6 packet fragmentation in the Linux kernel, which does not properly handle an invalid option associated with the nexthdr field. This can be...