82 matches found
Important Photon OS Security Update - PHSA-2026-4.0-0951
Updates of 'linux' packages of Photon OS have been released...
CVE-2022-0951
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4...
EUVD-2026-0951
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server. Thi...
ECHO-0951-A3D7-DA4F
Bulletin has no description...
CVE-2025-0951
creationtimestamp | type | source
---|---|---
2025-08-28 04:17:42+00:00 | seen | Telegram/Jw6FNZnfD04LE0zX-JTuMgGHj7eif7gKdsukuR1u0JWVyKo...
CVE-2025-0951 LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated
Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...
CVE-2024-0951
The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
CVE-2023-0951
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions...
CVE-2019-0951
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950...
Rocky Linux 9 : postgresql (RLSA-2024:0951)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0951 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer...
WordPress Advanced Social Feeds Widget & Shortcode Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Social Feeds Widget & Shortcode
Type: Plugin
Vulnerable versions: = 1.7
Fixed in: N/A
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-0951
Patch priority: Low
CVSS severity: Low (5.9)
PSID: 185d76acedb2
Credits...
CVE-2024-0951
creationtimestamp | type | source
---|---|---
2024-03-18 20:26:50+00:00 | seen | https://t.me/ctinow/210915
2025-03-27 15:26:42+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9113
...
CVE-2024-0951 Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS
The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
CVE-2024-0951
CVE-2024-0951 affects the WordPress plugin Advanced Social Feeds Widget & Shortcode (versions
CVE-2024-0951 Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS
The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
Oracle Linux 9 : postgresql (ELSA-2024-0951)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0951 advisory. 13.14-1.0.1 - Update to 13.14 - Fixes CVE-2024-0985 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Oracle Linux 9 : kernel (ELSA-2023-0951)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0951 advisory. - proc: proc_skip_spaces shouldn't think it is working on C strings Wander Lairson Costa 2152580 2152581 CVE-2022-4378 - proc: avoid integer type confusi...
RHEL 9 : kernel (RHSA-2023:0951)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0951 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free caused by...
CVE-2023-0951
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions...
CVE-2023-0951
CVE-2023-0951 affects Devolutions Server 2022.3.12 and earlier, due to improper access controls on certain API endpoints. A standard privileged user could perform privileged actions, with impact described as high for confidentiality, integrity, and availability. The provided documents identify th...