RSVPMaker <= 9.2.5 - SQL Injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from t...
EUVD-2024-0600
Malicious code in bioql PyPI...
EUVD-2024-0673
Malicious code in bioql PyPI...
CVE-2024-1246
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
CVE-2025-47576
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme. This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5...
CVE-2025-47576 WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme. This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5...
CVE-2024-50305
Apache Traffic Server (affected: 9.2.0–9.2.5) contains CVE-2024-50305 due to a flaw with the Valid Host header field that can cause a crash on some platforms. The issue is addressed by upgrading to 9.2.6 or 10.0.2 (which does not have the issue). If present, also consider broader advisories acros...
CVE-2024-38479 Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack
Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue...
DEBIAN-CVE-2024-35296
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
CVE-2024-35296
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
CVE-2023-38522 Apache Traffic Server: Incomplete field name check allows request smuggling
Apache Traffic Server accepts characters that are not allowed in HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from...
CVE-2024-35161 Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling
Apache Traffic Server forwards a malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...
PT-2024-20408 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.9; Mattermost versions 9.2.x through 9.2.5; Mattermost versions 9.3.x through 9.3.1; Mattermost versions 9.4.x through 9.4.2.
Description: The issue allows an authenticated attacker to crash the client...
Concrete CMS vulnerable to stored XSS via the Role Name field
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
GHSA-MGP6-J658-VCW9 Concrete CMS vulnerable to stored XSS in file tags and description attributes
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...
CVE-2024-1246 Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
CVE-2024-1247
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
CVE-2024-1247 Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
Concrete CMS Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site scripting vulnerability exists in Concrete CMS version 9.x prior to 9.2.5, which stems from insufficient data validation and is susceptible to stored...
PT-2024-17599 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS version 9 before 9.2.5.
Description: The issue concerns stored XSS in file tags and description attributes. Administrator-entered file attributes are not sufficiently sanitized in the Edit Attributes page, allowing a rogue...