CVE-2026-2295

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxpostgridloadmore' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attacker...

CVE-2026-2295

CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...

MiracleLinux 9 : libreswan-4.9-4.el9 (AXSA:2023-5959:05)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5959:05 advisory. libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux CVE-2023-2295 Tenable has extracted the preceding description block directly fr...

MiracleLinux 8 : libreswan-4.9-3.el8 (AXSA:2023-6143:08)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6143:08 advisory. libreswan: Regression of CVE-2023-30570 fixes in the MIRACLE LINUX CVE-2023-2295 Tenable has extracted the preceding description block directly from the...

EUVD-2026-2295

In the Linux kernel, the following vulnerability has been resolved: ksmbd: vfs: fix race on mflags in vfscache ksmbd maintains delete-on-close and pending-delete state in ksmbdinode-mflags. In vfscache.c this field is accessed under inconsistent locking: some paths read and modify mflags under...

CVE-2019-2295

Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and...

Linux Distros Unpatched Vulnerability : CVE-2025-2295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability...

CVE-2025-2295

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

UBUNTU-CVE-2025-2295

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

CVE-2025-2295 Potential iSCSI R2T PDU Vulnerability

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

CVE-2025-2295

CVE-2025-2295 affects EDK2 BIOS code; reported via connected advisories indicating an Integer Overflow/Wraparound when processed over network, potentially enabling a denial-of-service. The connected records specify affected packages (edk2 and hvloader in Mariner), with patches available: edk2 upd...

CVE-2025-2295 Potential iSCSI R2T PDU Vulnerability

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

CVE-2025-2295

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

WordPress Contact Form Manager Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Manager Type Plugin Vulnerable versions = 1.6 Fixed in 1.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2295 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 163bd6f2f229 Credits ruphail Required...

CVE-2024-2295

The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xyz-cfm-form shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2295

The CVE-2024-2295 entry concerns the WordPress plugin Contact Form Manager. Affected versions are all up to and including 1.6.1, where insufficient input sanitization and output escaping on the [xyz-cfm-form] shortcode attributes allows Stored Cross-Site Scripting (XSS). Exploitation requires aut...

CVE-2024-2295 Contact Form Manager <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xyz-cfm-form shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

RHEL 6 : puppet (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - puppet: incorrect URL decoding CVE-2016-2785 - Versions of Puppet prior to 4.10.1 will deserialize data o...

RHEL 9 : libjpeg-turbo (RHSA-2024:2295)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2295 advisory. The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the...

libreswan security and bug fix update

4.12-1.0.1.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.12-1.1 - Fix CVE-2024-2357 RHEL-29734 - x509: unpack IPv6 general names based on length RHEL-32719 4.12-1 - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz2215956 4.9-5 - Just bumping u...