The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass…

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them.…

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into…

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable…

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to…

There is a flaw in RPM’s signature functionality. OpenPGP subkeys are associated with a primary key via a “binding signature.” RPM does not check the…

A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all…

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output.…

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing…

A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection.…