ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

CVE-2026-8938

The CVE-2026-8938 entry concerns the WordPress plugin “auto making JSON-LD” (versions

WordPress plugin auto making JSON-LD 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

OPENSUSE-SU-2026:10519-1 glances-common-4.5.3-1.1 on GA media

These are all security issues fixed in the glances-common-4.5.3-1.1 package on the GA media of openSUSE Tumbleweed...

Linux Distros Unpatched Vulnerability : CVE-2026-33641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings...

CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

Linux Distros Unpatched Vulnerability : CVE-2026-32611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by...

5-ifc-check-cli (=1.0.0), 7ghost (>=4.11.2 <=4.11.46) +4139 more potentially affected by CVE-2026-27942 via fast-xml-parser (>=4.0.0-beta.2 <=4.5.3)

fast-xml-parser NPM version =4.0.0-beta.2, =4.11.2, =0.1.1, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2026-27942 Source advisory: SNYK:JS-FASTXMLPARSER-15353391...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002912)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002912 advisory. The usbiprecvxbuff function in drivers/usb/usbip/usbipcommon.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service out-of-bounds...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003328 advisory. The InfiniBand aka IB stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service kerne...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002678 advisory. The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users ...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000720)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000720 advisory. The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users ...

CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link Symlink following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrar...

CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link Symlink following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrar...

CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link Symlink following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrar...