Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017707 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Olinkdecode in H5Olink.c. Tenable has extracted the...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017710)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017710 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5Ochunkdeserialize in H5Ocache.c. Tenable has extracted the preceding...

CVE-2026-4087

The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

WordPress Pre* Party Resource Hints plugin <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter vulnerability

Authenticated Subscriber+ SQL Injection via 'hintids' Parameter vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Pre Party Resource Hints versions = 1.8.20...

EUVD-2026-14180

The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2026-4087

CVE-2026-4087 affects the Pre* Party Resource Hints plugin for WordPress. The vulnerability is an SQL Injection via the hint_ids parameter in the pprh_update_hints AJAX action, present in all versions up to and including 1.8.20 . It results from insufficient escaping of user input and lack of pro...

CVE-2026-4087

The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

WordPress plugin Pre* Party Resource Hints SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2024-33586

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20...

OESA-2024-2337 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

CVE-2024-33586

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20...

PT-2024-25354 · 10Web · Photo Gallery

Name of the Vulnerable Software and Affected Versions: Photo Gallery by 10Web versions 1.8.20 and earlier Description: A missing authorization issue has been identified. This issue allows unauthorized access. The estimated number of potentially affected devices is not provided. Recommendations: F...

WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Photo Gallery by 10Web versions = 1.8.20...

WordPress Photo Gallery by 10Web Plugin <= 1.8.20 is vulnerable to Broken Access Control

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.20 Fixed in 1.8.21 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33586 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9de61c674191 Credits Steven Julian Requir...

SUSE CVE-2018-14034

An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5Oplinereset in H5Opline.c...

CVE-2020-19049

Cross Site Scripting XSS in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'...

MyBB 跨站脚本漏洞

MyBB MyBulletinBoard is a free and web-based forum software developed by MyBB MYBB team using PHP and MySQL. The software is easy to use , support for multi-language , scalable and so on. A cross-site scripting vulnerability exists in MyBB version 1.8.20, which can be exploited by a remote attack...

MyBB 跨站脚本漏洞

MyBB MyBulletinBoard is a free and web-based forum software developed by MyBB MYBB team using PHP and MySQL. The software is easy to use, multi-language support, scalable and so on. A security vulnerability exists in MyBB, which stems from a cross-site scripting XSS vulnerability in version v1.8....

PT-2021-10278 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.20 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Description field in the Add New Forum page. This can be achieved by doing an authenticated POST HTTP request to...

PT-2021-10277 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.20 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Title field in the Add New Forum page. This can be achieved by doing an authenticated POST HTTP request to...