Unity Linux 20.1070e Security Update: netty (UTSA-2026-016700)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016700 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

CVE-2026-32947 Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS DoH vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like...

CVE-2026-32946

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering...

CVE-2026-28045

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local File Inclusion.This issue affects N7 | Golf Club Sports & Events: from n/a through = 2.16.0...

CVE-2026-28045 WordPress N7 | Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local File Inclusion.This issue affects N7 | Golf Club Sports & Events: from n/a through = 2.16.0...

CVE-2026-28045 WordPress N7 | Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local File Inclusion.This issue affects N7 | Golf Club Sports & Events: from n/a through = 2.16.0...

EUVD-2025-19023

Malicious code in bioql PyPI...

EUVD-2023-40697

Malicious code in bioql PyPI...

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVE-2025-58762

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

CVE-2025-58762

CVE-2025-58762 affects Tautulli

CVE-2025-58761

CVE-2025-58761 affects Tautulli before 2.16.0. The vulnerable endpoint is real_pms_image_proxy, which allows unauthenticated path traversal to read arbitrary files on the server (e.g., tautulli.db with active JWT tokens and config.ini with admin password hash and secrets). Validation on the img p...

WordPress Tax Help Theme <= 2.16.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tax Help versions = 2.16.0...

WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Paid Member Subscriptions versions = 2.15.9...

Linux Distros Unpatched Vulnerability : CVE-2024-36123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML...

Linux Distros Unpatched Vulnerability : CVE-2021-45105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allo...

CVE-2025-50026

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in spoki Spoki spoki allows Stored XSS.This issue affects Spoki: from n/a through = 2.17.1...

CVE-2023-36386

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVE-2023-36390

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVE-2023-40668

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin = 2.16.0 versions...