24 matches found

Positive Technologies
added 2026/01/08 12:0 a.m., 2 views

PT-2026-1737

Name of the Vulnerable Software and Affected Versions: brandexponents Oshine oshin versions through 7.2.7. Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion...

CVSS 9.8, AI score 6.7, EPSS 0.00222
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/03 12:0 a.m., 1 views

Oracle Linux 9 : redis:7 (ELSA-2025-20955)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20955 advisory. - rebase to 7.2.11 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 - rebase to 7.2.10 for CVE-2025-27151 CVE-2025-32023 and...

CVSS 9.9, AI score 7.7, EPSS 0.80733
Exploits: 20, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-12221

Malicious code in bioql PyPI...

CVSS 6.4, AI score 6.3, EPSS 0.00189
Exploits: 0, References: 7

RedhatCVE
added 2025/04/26 12:7 a.m., 3 views

CVE-2025-32960

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4, AI score 6.8, EPSS 0.00189
Exploits: 0, References: 1

NVD
added 2025/04/22 6:16 p.m., 8 views

CVE-2025-32960

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4, EPSS 0.00189
Exploits: 0, References: 5

Vulnrichment
added 2025/04/22 5:45 p.m., 4 views

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4, AI score 7.1, EPSS 0.00189
Exploits: 0, References: 5

Cvelist
added 2025/04/22 5:45 p.m., 15 views

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4, EPSS 0.00189
Exploits: 0, References: 5

CVE
added 2025/04/22 5:45 p.m., 45 views

CVE-2025-32960

The CVE-2025-32960 vulnerability affects the CUBA REST API add-on prior to 7.2.7, where the input parameter (file path and name) can be manipulated to cause the server to return Content-Type: text/html for names ending in .html, enabling execution of malicious JavaScript in the browser after an a...

CVSS 6.4, AI score 6.3, EPSS 0.00189
Exploits: 0, References: 5

Oracle linux
added 2025/01/27 12:0 a.m., 47 views

redis:7 security update

7.2.7-1 - rebase to 7.2.7 for CVE-2024-46981 and CVE-2024-51741...

CVSS 7, AI score 7.1, EPSS 0.80733
Exploits: 2

SUSE CVE
added 2025/01/08 12:23 a.m., 2 views

SUSE CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 8.8, AI score 7.9, EPSS 0.80733
Exploits: 2, References: 12

OSV
added 2025/01/06 10:15 p.m., 2 views

DEBIAN-CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 9.8, AI score 7.1, EPSS 0.80733
Exploits: 2, References: 1

OSSF Malicious Packages
added 2024/12/09 10:11 a.m., 3 views

Malicious code in dhp-logging-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware def2cfdcf7555dce8bc6545670a20f1748d6588683a817bc7d922f42c8e9cd43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0, References: 1

CNNVD
added 2024/11/01 12:0 a.m., 1 views

WordPress plugin File Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3, AI score 6.5, EPSS 0.00148
Exploits: 0, References: 1

Patchstack
added 2024/07/11 10:2 a.m., 2 views

WordPress Sirv plugin <= 7.2.7 - Authenticated (Subscriber+) Missing Authorization to Plugin Settings Update vulnerability

Authenticated Subscriber+ Missing Authorization to Plugin Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Sirv versions = 7.2.7...

CVSS 5.4, AI score 7, EPSS 0.00175
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m., 15 views

WordPress Sirv Plugin <= 7.2.7 is vulnerable to Broken Access Control

Software Sirv Type Plugin Vulnerable versions = 7.2.7 Fixed in 7.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6392 Patch priority Low CVSS severity Low 5.4 Developer Sirv PSID 6ea9e1fd2836 Credits Rafshanzani Suhada Required privilege Subscriber...

CVSS 5.4, AI score 6.6, EPSS 0.00175
Exploits: 0, References: 3, Affected Software: 1

SUSE CVE
added 2024/06/04 12:43 p.m., 1 views

SUSE CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5, AI score 7.7, EPSS 0.0045
Exploits: 0, References: 3

Tenable Nessus
added 2024/05/22 12:0 a.m., 25 views

Fortinet Fortigate - Format String in CLI command (FG-IR-23-413)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-413 advisory. - A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and...

CVSS 6.7, AI score 6.2, EPSS 0.00083
Exploits: 0, References: 2

Cvelist
added 2024/04/09 2:24 p.m., 11 views

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

CVSS 6.7, AI score 7.2, EPSS 0.00083
Exploits: 0, References: 1

OpenVAS
added 2022/07/28 12:0 a.m., 19 views

LibreOffice 7.2.x < 7.2.7, 7.3.x < 7.3.2 Improper Certificate Validation Vulnerability (Jul 2022) - Windows

LibreOffice is prone to an improper certificate validation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 7.4, EPSS 0.00706
Exploits: 0, References: 1

OpenVAS
added 2022/07/27 12:0 a.m., 17 views

LibreOffice 7.2.x < 7.2.7, 7.3.x < 7.3.3 Multiple Vulnerabilities (Jul 2022) - Windows

LibreOffice is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:libreoffice:libreoffice";...

CVSS 8.8, AI score 8.3, EPSS 0.00706
Exploits: 0, References: 2