66 matches found
Debian dla-4349 : request-tracker4 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4349 advisory. Debian LTS Advisory DLA-4349-1 https://www.debian.org/lts/security/...
EUVD-2017-1025
Malware in sbrugna...
EUVD-2016-7670
Malware in sbrugna...
EUVD-2024-27000
Malicious code in bioql PyPI...
Creacast Creabox Manager Security Vulnerability
Creacast Creabox Manager is a device management system from Creacast France. A security vulnerability exists in Creacast Creabox Manager version 4.4.4: the edit.php endpoint allows the injection of arbitrary Lua code, which could lead to remote code execution and full...
Linux Distros Unpatched Vulnerability : CVE-2023-43279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Null Pointer Dereference in maskcidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command...
PT-2025-23165 · Tcpreplay +1 · Tcpreplay +1
Name of the Vulnerable Software and Affected Versions: tcpreplay version 4.4.4 Description: The issue is related to an infinite loop in the tcprewrite function, located at get.c. This infinite loop can be triggered, potentially causing the software to become unresponsive. Recommendations: For...
Fedora: Security Advisory (FEDORA-2025-08e73d463e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-37440
Missing Authorization vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.4.4...
CVE-2021-24963
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qcres parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting...
Moodle 4.4.x < 4.4.4 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...
Moodle < 4.1.14 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient access control checks in the process of fetching course badges. Remediation: Upgrade moodle/moodle to version 4.4.4 or higher. References: - GitHub Commit -...
WordPress plugin Church Admin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-39465 · WordPress · The Gift Cards
Name of the Vulnerable Software and Affected Versions: The Gift Cards Gift Vouchers and Packages plugin for WordPress versions up to, and including, 4.4.4 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output...
CVE-2024-31490
CVE-2024-31490 affects Fortinet FortiSandbox products (FortiSandbox 4.4.0–4.4.4; 4.2.1–4.2.6; 4.0 all versions; 3.2.2–3.2.4; 3.1.5). The issue is an information disclosure via HTTP GET requests, enabling an attacker to access sensitive information. The connected documents confirm the affected ver...
PT-2024-10348 · Drupal · Drupal Responsive/Off-Canvas Menu
Name of the Vulnerable Software and Affected Versions: Drupal Responsive and off-canvas menu versions 0.0.0 through 4.4.3 Description: The issue is related to an Incorrect Authorization vulnerability in the Drupal Responsive and off-canvas menu, which allows for Forceful Browsing. This means that...
WordPress Church Admin Plugin <= 4.4.4 is vulnerable to Broken Access Control
Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.4.4; Fixed in: 4.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37440; Patch priority: Low; CVSS severity: Low (4.3); Developer: Andy Moyle; PSID: 7a86d2a04714; Credits: Ngô Thiên An ancorn from VNPT-VCI...
WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Scripting (XSS)
Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1762; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2c09536c816a; Credits: Piotr Kuśpit; Required...
WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1446; Patch priority: Low; CVSS severity: Low (5.4); PSID: 891652032504; Credits: Krzysztof Zając; Required...