
24 matches found

EUVD
added 2026/04/15 6:31 p.m., 3 views

EUVD-2025-209483

Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery. This issue affects Userpro: from n/a before 5.1.11...

CVSS 4.3, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2
CNNVD
added 2026/04/15 12:00 a.m., 3 views

WordPress plugin Userpro security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/16 12:00 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003672 advisory. Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more th...

CVSS 7.5, AI score 6.6, EPSS 0.1336
Exploits: 1, References: 31
RedhatCVE
added 2026/01/07 9:29 a.m., 4 views

CVE-2019-12932

A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...

CVSS 6.1, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 1
Atlassian
added 2024/10/25 4:20 p.m., 26 views

DoS (Denial of Service) tomcat Dependency in Crowd Data Center

This High severity Third-Party Dependency vulnerability was introduced in versions 5.1.11, 5.2.6, 5.3.2, and 6.0.0 of Crowd Data Center. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to...

CVSS 7.5, AI score 7.1, EPSS 0.2198
Exploits: 0
Positive Technologies
added 2024/01/23 12:00 a.m., 4 views

PT-2024-13629 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 4.13.39 and 5.1.11. Description: The issue allows a user to access a record's title even if they should not be able to see the record, by adding it to a GridField using the...

CVSS 4.3, AI score 4.3, EPSS 0.00226
Exploits: 0, References: 9
IBM Security Bulletins
added 2019/11/05 10:28 p.m., 55 views

Security Bulletin: IBM RackSwitch firmware products are affected by TCP denial of service vulnerabilities

Summary: The IBM RackSwitch firmware products listed below have addressed the following TCP denial of service vulnerabilities. Vulnerability Details: CVEID: CVE-2019-11478. DESCRIPTION: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel cou...

CVSS 7.8, AI score 1, EPSS 0.69918
Exploits: 4, Affected Software: 7
NVD
added 2019/08/01 3:15 p.m., 10 views

CVE-2019-14259

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...

CVSS 8, AI score 8.2, EPSS 0.03399
Exploits: 1, References: 1
Prion
added 2019/08/01 3:15 p.m., 11 views

Command injection

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...

CVSS 7.7, AI score 8.1, EPSS 0.03399
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/08/01 2:44 p.m., 18 views

CVE-2019-14259

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...

AI score 8.2, EPSS 0.03399
Exploits: 1, References: 1
NVD
added 2019/06/28 6:15 p.m., 6 views

CVE-2019-12932

A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...

CVSS 6.1, AI score 6, EPSS 0.0024
Exploits: 0, References: 1
Prion
added 2019/06/28 6:15 p.m., 16 views

Cross site scripting

A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...

CVSS 4.3, AI score 5.9, EPSS 0.0024
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/06/28 5:19 p.m., 12 views

CVE-2019-12932

A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...

AI score 6, EPSS 0.0024
Exploits: 0, References: 1
exploitpack
added 2019/06/24 12:00 a.m., 24 views

SeedDMS 5.1.11 - out.UsrMgr.php Cross-Site Scripting

Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11; Google Dork: NA; Date: 20-June-2019; Exploit Author: Nimit Jain (https://secfolks.blogspot.com); Vendor Homepage: https://www.seeddms.org...

CVSS 3.5, AI score 5.4, EPSS 0.0026
Exploits: 5
exploitpack
added 2019/06/24 12:00 a.m., 23 views

SeedDMS 5.1.11 - out.GroupMgr.php Cross-Site Scripting

Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11; Google Dork: NA; Date: 17-June-2019; Exploit Author: Nimit Jain (https://secfolks.blogspot.com); Vendor Homepage: https://www.seeddms.org...

CVSS 4.3, AI score 6.1, EPSS 0.00426
Exploits: 4
OSV
added 2019/06/20 5:15 p.m., 0 views

CVE-2019-12745

out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field...

CVSS 5.4, AI score 6, EPSS 0.0026
Exploits: 5, References: 3
Debian CVE
added 2019/06/18 11:34 p.m., 33 views

CVE-2019-11479

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...

CVSS 7.5, AI score 6.7, EPSS 0.1336
Exploits: 1
Fedora
added 2019/06/18 6:15 p.m., 60 views

[SECURITY] Fedora 30 Update: kernel-5.1.11-300.fc30

The kernel meta package...

CVSS 9.8, AI score 2.4, EPSS 0.69918
Exploits: 5
ArchLinux
added 2019/06/18 12:00 a.m., 42 views

[ASA-201906-15] linux-zen: denial of service

Arch Linux Security Advisory ASA-201906-15. Severity: High; Date: 2019-06-18; CVE-ID: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479; Package: linux-zen; Type: denial of service; Remote: Yes; Link: https://security.archlinux.org/AVG-985; Summary: The...

CVSS 7.8, AI score 0.3, EPSS 0.69918
Exploits: 4, References: 10
NVD
added 2019/06/17 6:15 p.m., 7 views

CVE-2019-12801

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name...

CVSS 6.1, AI score 5.9, EPSS 0.00426
Exploits: 4, References: 2