Fedora 43 : docker-compose (2026-951a6725b8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-951a6725b8 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...

WordPress plugin User Registration & Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Astra Linux - уязвимость в assimp

An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp...

CVE-2026-6203

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirecttoonlogout' GET parameter before redirecting users. The redirecttoonlogout GET paramet...

PT-2026-28389

Name of the Vulnerable Software and Affected Versions Kirby CMS versions through 5.1.4 Description Kirby CMS through version 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service DoS via a malformed image upload. The application does not properly...

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby 5.1.4 and earlier have security vulnerabilities. These vulnerabilities stem from the application’s failure to correctly validate the return value of the PHP getimagesize function, which can lead to persiste...

CVE-2026-25361 WordPress WpEvently plugin <= 5.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through = 5.1.4...

PT-2026-27922

Name of the Vulnerable Software and Affected Versions WpEvently versions through 5.1.4 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows for the execution of malicious...

WordPress plugin User Registration & Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

@brochington/ecstatic (=0.3.0), @dreamcatcher-tech/web (=0.0.0) +78 more potentially affected by CVE-2026-29063 via immutable (>=5.0.0 <=5.1.4)

immutable NPM version =5.0.0, =0.2.1, =0.0.9, =11.5.0, =1.6.0, =0.11.0, =11.5.0, =11.5.0, =11.5.0, =0.92.0, =0.0.0-ci.0a1b452, =0.0.0-ci.1e276ed, =0.0.0-ci.fd7cff6 and more Source cves: CVE-2026-29063 Source advisory: OSV:GHSA-WF6X-7X77-MVGW...

CVE-2023-45824

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

PT-2025-50237

Name of the Vulnerable Software and Affected Versions COMMAX CVD-Axx DVR version 5.1.4 Description The COMMAX CVD-Axx DVR contains weak default administrative credentials, enabling remote password attacks and disclosure of RTSP streams. An attacker can exploit this by sending a POST request to an...

CVE-2025-65012

Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...

CVE-2025-65012 Kirby CMS has cross-site scripting (XSS) in the changes dialog

Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...

CVE-2025-65012 Kirby CMS has cross-site scripting (XSS) in the changes dialog

Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the...

Kirby CMS has cross-site scripting (XSS) in the changes dialog

TL;DR This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. ---- Introductio...

PT-2025-47416

Name of the Vulnerable Software and Affected Versions Kirby versions 5.0.0 through 5.1.3 Description Kirby is a content management system. Attackers could modify the title of any page or the name of any user to a malicious string. Subsequently, they could alter any content field of the same model...

EUVD-2025-35660

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS.This issue affects AcBakImzala: before v5.1.4...

CVE-2025-10727

CVE-2025-10727 affects ArkSigner Software and Hardware Inc. AcBakImzala prior to version 5.1.4. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact is Reflected XSS as described in multiple sources. The connected documents provide the affecte...

PT-2025-43509

Name of the Vulnerable Software and Affected Versions ArkSigner AcBakImzala versions prior to 5.1.4 Description The software contains a PHP Local File Inclusion issue due to improper control of filename inclusion mechanisms. This allows for the inclusion of files from untrusted sources. The issue...