33 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. · 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003613 advisory. __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain...

5.5 CVSS · 6.7 AI score · 0.00428 EPSS
Exploits 1 · References 6

Tenable Nessus
added 2026/01/16 12:0 a.m. · 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003667)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003667 advisory. btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. Tenable has...

5.5 CVSS · 6.7 AI score · 0.01094 EPSS
Exploits 1 · References 8

EUVD
added 2025/10/22 8:27 a.m. · 4 views

EUVD-2025-35320

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.12 due to insufficient escaping on the user supplied parameter and...

4.9 CVSS · 6.1 AI score · 0.00028 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-8678

Malware in sbrugna...

5.5 CVSS · 7.1 AI score · 0.01094 EPSS
Exploits 1 · References 8

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-1979

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00499 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/04/12 1:43 p.m. · 17 views

CVE-2025-25197

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4 CVSS · 5.9 AI score · 0.002 EPSS
Exploits 0 · References 1

Cvelist
added 2025/04/10 12:58 p.m. · 14 views

CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4 CVSS · 0.002 EPSS
Exploits 0 · References 3

CVE
added 2025/04/10 12:58 p.m. · 61 views

CVE-2025-25197

SilverStripe Elemental vulnerability CVE-2025-25197 affects the Elemental module's handling of content blocks in the "Content blocks in use" report. Affected component: elemental grid field rendering; root cause is failure to cast input before including it in the grid field, which allows an XSS p...

5.4 CVSS · 5.3 AI score · 0.002 EPSS
Exploits 0 · References 3

OSV
added 2025/04/10 12:58 p.m. · 7 views

CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4 CVSS · 6 AI score · 0.002 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/04/10 12:0 a.m. · 1 view

PT-2025-15980 · Silverstripe · Silverstripe Elemental

Name of the Vulnerable Software and Affected Versions: Silverstripe Elemental versions prior to 5.3.12 Description: The issue arises from the failure to cast input prior to including it in the grid field, allowing an elemental block to include an XSS payload. This payload can be executed when...

5.4 CVSS · 5.5 AI score · 0.002 EPSS
Exploits 0 · References 14

Tenable Nessus
added 2022/03/14 12:0 a.m. · 66 views

WordPress 5.3.x < 5.3.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A stored cross-site scripting (XSS) vulnerability exists via wp_filter_global_styles_post. - A prototype pollution exists via the Gutenberg wordpress/url package. Note that the...

6 AI score
Exploits 0 · References 3

OSV
added 2021/11/24 7:15 p.m. · 0 views

UBUNTU-CVE-2021-41267

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...

6.5 CVSS · 6.6 AI score · 0.00462 EPSS
Exploits 0 · References 7

Positive Technologies
added 2021/11/24 12:0 a.m. · 2 views

PT-2021-23228 · Symfony · Symfony Httpkernel

Name of the Vulnerable Software and Affected Versions: Symfony/Http-Kernel versions 5.2 through 5.3.11 Description: The issue arises from the accessibility of the X-Forwarded-Prefix header in sub-requests, even when it is not part of the "trusted headers" allowed list. This allows an attacker to...

6.5 CVSS · 6.2 AI score · 0.00462 EPSS
Exploits 0 · References 18

Positive Technologies
added 2020/12/10 12:0 a.m. · 2 views

PT-2020-15862 · Synology · Music Station

Name of the Vulnerable Software and Affected Versions: Music Station versions prior to 5.3.12 Music Station versions prior to 5.3.13 Description: This issue allows remote attackers to inject malicious code through a cross-site scripting vulnerability in Music Station. Recommendations: For Music...

6.1 CVSS · 6.1 AI score · 0.0027 EPSS
Exploits 0 · References 18

Tenable Nessus
added 2020/03/24 12:0 a.m. · 41 views

FreeBSD : puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API (36def7ba-6d2b-11ea-b115-643150d3111d)

Puppetlabs reports : Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as...

7.5 CVSS · 7.5 AI score · 0.65366 EPSS
Exploits 0 · References 3

Positive Technologies
added 2020/03/11 12:0 a.m. · 1 view

PT-2020-19863 · Puppet +1 · Puppet Server +3

Name of the Vulnerable Software and Affected Versions: Puppet Enterprise versions prior to 2018.1.13 Puppet Enterprise versions prior to 2019.5.0 Puppet Server versions prior to 6.9.2 Puppet Server versions prior to 5.3.12 PuppetDB versions prior to 6.9.1 PuppetDB versions prior to 5.2.13...

7.5 CVSS · 8.3 AI score · 0.65366 EPSS
Exploits 0 · References 14

FreeBSD
added 2020/03/10 12:0 a.m. · 23 views

puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API

Puppetlabs reports: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as we...

7.5 CVSS · 7.2 AI score · 0.65366 EPSS
Exploits 0 · References 1

Fedora
added 2019/11/27 12:25 a.m. · 33 views

[SECURITY] Fedora 31 Update: kernel-5.3.12-300.fc31

The kernel meta package...

7.8 CVSS · 2.4 AI score · 0.01089 EPSS
Exploits 0

Fedora
added 2019/11/26 11:55 p.m. · 51 views

[SECURITY] Fedora 30 Update: kernel-5.3.12-200.fc30

The kernel meta package...

10 CVSS · 2.4 AI score · 0.69918 EPSS
Exploits 8

Symantec
added 2019/11/20 12:0 a.m. · 43 views

Linux Kernel Information Disclosure and Denial of Service Vulnerabilities

Description: Linux Kernel is prone to an information-disclosure vulnerability and a denial-of-service vulnerability. Successfully exploiting these issues may allow an attacker to gain access to sensitive information or cause denial of service conditions. Linux kernel versions through 5.3.12 are...

1.2 AI score · 0.01094 EPSS
Exploits 3 · References 4 · Affected Software 1