Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003012)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003012 advisory. drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to cause a denial o...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001207)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001207 advisory. drivers/char/virtioconsole.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000403)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000403 advisory. The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after- free because skcd-norefcnt was not considered during a...

EUVD-2017-7045

Malware in sbrugna...

WordPress 4.9.x < 4.9.26 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

phpMyAdmin 4.9.x < 4.9.10 Information Disclosure

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.10 or 5.1.x prior to 5.1.3. It is, therefore, affected by an information disclosure that would reveal the path on disk where phpMyAdmin is running from. Note that the scanner has not tested for these issues but has...

phpMyAdmin 5.0.x < 5.0.2 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.5 or 5.0.x prior to 5.0.2. It is, therefore, affected by multiple vulnerabilities. - A malicious user may be able to create a specially crafted username leading to a SQL injection. - A malicious user may be able to...

phpMyAdmin 5.0.x < 5.0.3 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.6 or 5.0.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities. - It may permit an attacker to craft a malicious link leading to a Cross-Site Scripting attack XSS vulnerability if a user clicks o...

phpMyAdmin 4.9.x < 4.9.5 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.5 or 5.0.x prior to 5.0.2. It is, therefore, affected by multiple vulnerabilities. - A malicious user may be able to create a specially crafted username leading to a SQL injection. - A malicious user may be able to...

WordPress 4.9.x < 4.9.20 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists via wpfilterglobalstylespost. - A prototype pollution exists via the Gutenberg wordpress/url package. Note that the...

Samba DoS Vulnerability (CVE-2019-3824)

Samba is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2021-0167)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities: - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above...

SQL injection vulnerability in SearchController

PMASA-2020-6 Announcement-ID: PMASA-2020-6 Date: 2020-10-10 Summary SQL injection vulnerability in SearchController Description An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL i...

Design/Logic Flaw

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd-norefcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature...

WordPress 4.9.x < 4.9.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exist in the block editor. - A cross-site scripting XSS vulnerability exist in media files. - An open redirect vulnerability exist...

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-1511)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Car Rental System 1.3 Cross Site Scripting

Exploit Title: WordPress Car Rental System 1.3 XSS Vunlerability Google Dork:N/A Date: 2020-04-04 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/car-rental-system-wordpress-plugin/4239755?srank=3 Version: 1.3 Tested on: 5.4.0-kali4-amd64...

SQL injection relating to data display

PMASA-2020-4 Announcement-ID: PMASA-2020-4 Date: 2020-03-20 Updated: 2020-03-22 Summary SQL injection relating to data display Description An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attac...

CVE-2019-15902

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptracegetdebugreg" commit reintroduced the...

Design/Logic Flaw

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inetcsklistenstop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...