WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability
WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability discovered by Webbernaut in WordPress Plugin Nexter Extension versions <= 4.4.6...
Burp Global Match and Replace Extension 1.0.0
This archive provides a system-wide match and replace table that applies to all Burp tools including Burp AI. This goes beyond Proxy Match and Replace, which only affects Proxy...
PT-2026-3805
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated syste...
CVE-2026-0726 Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace'
The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxt_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a...
MiracleLinux 8 : glib2-2.56.4-156.el8 (AXSA:2021-2834:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2834:05 advisory. glib2: Possible privilege escalation through pkexec and aliases (CVE-2021-3800) glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000637 advisory. The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004043)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004043 advisory. A memory leak in the nfp_abm_u32_knode_replace function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a deni...
CVE-2021-47761 MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003473)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003473 advisory. The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003315)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003315 advisory. Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002144)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002144 advisory. The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002643)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002643 advisory. Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003016)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003016 advisory. The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds...
CVE-2022-50931
TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access...
CVE-2022-50931
TeamSpeak 3.5.6 has an insecure file permissions vulnerability allowing local attackers to replace system executables (e.g., ts3client_win32.exe) with malicious binaries, potentially yielding SYSTEM/Administrator privileges. Documented CVSS: LOCAL, HIGH impact (C/H/I/A). Exploit details are repor...
CVE-2022-50931 TeamSpeak 3.5.6 - Insecure File Permissions
TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access...
PT-2026-2407
Name of the Vulnerable Software and Affected Versions: TeamSpeak version 3.5.6. Description: TeamSpeak 3.5.6 has a file permissions issue that allows local attackers to replace executable files with malicious binaries. An attacker can replace system executables, such as ts3client_win32.exe, with...
CVE-2026-21871
NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is an XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...
CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file ...
CVE-2020-12119
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed t...