153 matches found
OPENSUSE-SU-2026:10767-1 ffmpeg-4-4.4.6-12.1 on GA media
These are all security issues fixed in the ffmpeg-4-4.4.6-12.1 package on the GA media of openSUSE Tumbleweed...
Astra Linux - vulnerability in wireshark
The column handling in Wireshark versions 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows for denial of service through packet injection or malicious capture files...
CVE-2026-33545
MobSF is a mobile application security testing tool. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst...
CVE-2026-3228 NextScripts: Social Networks Auto-Poster <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nxs_fbembed shortcode in all versions up to, and including, 4.4.6. This is due to insufficient input sanitization and output escaping on the snapFB post meta value. This makes it...
PT-2026-4036
Name of the Vulnerable Software and Affected Versions wpeverest User Registration versions through 4.4.6 Description An issue exists in wpeverest User Registration related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows...
CVE-2026-0726
The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...
CVE-2025-13367
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...
WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sailing versions 4.4.6...
WordPress Sailing theme < 4.4.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sailing versions 4.4.6...
PT-2025-51223
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...
CVE-2025-67573
Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sailing: from n/a through 4.4.6...
CVE-2025-67526
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion. This issue affects Sailing: from n/a through 4.4.6...
CVE-2025-67526
CVE-2025-67526 affects Sailing (WordPress theme) older than 4.4.6. It is a Local File Inclusion via improper filename handling in PHP include/require, exploitable by authenticated users with Contributor+ privileges. The WordFence vulnerability list notes a high severity (9.8 in some entries; CVSS...
WordPress plugin Sailing security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
Security Bulletin: IBM Aspera High-Speed Transfer Server and IBM Aspera High-Speed Transfer Endpoint are vulnerable to an integer overflow attack
Summary A vulnerability has been identified in Redis' in-memory data structure store that could lead to remote code execution. This vulnerability has been addressed in IBM Aspera High-Speed Transfer Server v4.4.7 and IBM Aspera High-Speed Transfer Endpoint v4.4.7 and part of the same remediation...
CVE-2025-62175
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...
CVE-2025-62176 Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62174 Mastodon allows continued access after password reset via CLI
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using bin/tootctl accounts modify --reset-password, active sessions and access tokens for...
Mastodon security vulnerability
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions prior to 4.4.6, prior to 4.3.14, and prior to 4.2.27, which stems from an event where the stream server accepts service for a public timeline usin...