MiracleLinux 9 : python3.12-3.12.5-2.el9_5.2 (AXSA:2024-9442:17)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9442:17 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Unbounded memory buffering in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000606 advisory. The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service system crash via a VAPIC synchronization...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001846)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001846 advisory. The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service system crash via a VAPIC synchronization...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001825)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001825 advisory. The apicgettmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service...

CVE-2025-68529

Cross-Site Request Forgery CSRF vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through = 3.12.5...

CVE-2025-68529 WordPress WP Email Capture plugin <= 3.12.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through = 3.12.5...

PT-2025-53094

Name of the Vulnerable Software and Affected Versions WP Email Capture versions through 3.12.5 Description The software contains a Cross-Site Request Forgery CSRF flaw. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. Recommendations...

WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Email Capture versions = 3.12.4...

GHSA-9G9J-3W64-3CJH MoonShine SQL Injection Vulnerability

MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module...

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

Moonshine 安全漏洞

Moonshine is a MoonShine open source admin panel software. A security vulnerability exists in Moonshine version v3.12.5, which stems from a parameter injection and could lead to an SQL injection attack...

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

PT-2025-33264 · Moonshine · Moonshine

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.5 Description: MoonShine version 3.12.5 contains a SQL injection issue within the Blog module, specifically through the Data parameter. Recommendations: As a temporary workaround, consider restricting access to the Blog...

WordPress Happy Addons for Elementor plugin <= 3.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Comparison vulnerability discovered by zer0gh0st in WordPress Plugin Happy Addons for Elementor versions = 3.12.5...

PT-2024-16354 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.12.5 Description: The issue is related to Stored Cross-Site Scripting via the before label parameter in the Image Comparison widget due to insufficient input...

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

SUSE CVE-2013-4587

Array index error in the kvmvmioctlcreatevcpu function in virt/kvm/kvmmain.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value...

CVE-2022-1123

The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks...

CVE-2022-1123

The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks...

CVE-2020-11076

In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...