Unity Linux 20.1060e / 20.1070e Security Update: wireshark (UTSA-2026-005366)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005366 advisory. In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more...

EUVD-2024-33429

Malicious code in bioql PyPI...

CVE-2025-32198

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefusecom Brizy brizy.This issue affects Brizy: from n/a through = 2.7.7...

CVE-2025-32198 WordPress Brizy plugin <= 2.6.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefusecom Brizy. This issue affects Brizy: from n/a through 2.6.14...

WordPress plugin Brizy 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-43126

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce...

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

PT-2024-16339 · WordPress · Wp Project Manager

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress version 2.6.14 Description: The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the check method of the Create Milestone,...

Rancher 日志信息泄露漏洞

Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. A log information disclosure vulnerability exists in Rancher versions prior to 2.6.14, prior to 2.7.10, and prior to...

WordPress plugin Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Sender - Newsletter,...

WordPress Mollie Forms Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Mollie Forms Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2368 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID be4c386416af Credits Lucio Sá Required...

PT-2024-25035 · Unknown · Offerbox App For Android +1

Name of the Vulnerable Software and Affected Versions: OfferBox App for Android versions 2.0.0 through 2.3.17 OfferBox App for iOS versions 2.1.7 through 2.6.14 Description: The 'OfferBox' App for Android and iOS uses a hard-coded secret key for JWT. This secret key may be retrieved if the...

PT-2024-11971 · Rancher · Rancher

Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.6.14 Rancher versions prior to 2.7.10 Rancher versions prior to 2.8.2 Description: A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. The issue affects...

ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +3471 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=2.6.0 <=2.6.14)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =2.6.0, =2.2.53, =0.23.9, =0.1.2, =5.7.0, =5.7.7, =5.7.0, =6.4.7 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...

ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +825 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.6.0 <=2.6.14)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.6.0, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.0, =1.1.2, =1.1.4 - cn.kduck:kduck-security =1.1.2 - cn.kduck:kduck-security-principal =1.1.2 and more Source cves: CVE-2023-20873 Source advisory:...

GSD-2023-1002404 net: USB: Fix wrong-direction WARNING in plusb.c

net: USB: Fix wrong-direction WARNING in plusb.c This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.232 by commit...

SUSE CVE-2005-3810

ipconntrackprotoicmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service kernel oops via a message without ICMP ID ICMPID information, which leads to a null dereference...

SUSE CVE-2006-0035

The netlinkrcvskb function in afnetlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service infinite loop via a nlmsglen field of 0...