45 matches found
CVE-2026-3694
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...
CVE-2025-66105
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...
CVE-2025-66105 WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...
WordPress plugin Bus Ticket Booking with Seat Reservation security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000411)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000411 advisory. usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925...
Linux Distros Unpatched Vulnerability : CVE-2022-1382
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the...
CVE-2024-21647
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
Design/Logic Flaw
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
Malicious code in f0-fpti-tracking-manager (npm)
Source: ossf-package-analysis (e1d6cccf9ef65f34bdf293de4de123a77f8d39e6e7d1ec98fcaeb53ee57caedf). The OpenSSF Package Analysis project identified 'f0-fpti-tracking-manager' @ 5.6.8 (npm) as malicious. It is considered malicious because: - The...
SUSE CVE-2015-4600
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the 1...
SUSE CVE-2022-1297
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash...
CVE-2023-25135
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions a...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (>=j11.2.6.0 <=j11.2.6.1) +1919 more potentially affected by CVE-2022-31692 via org.springframework.security:spring-security-core (>=5.6.0 <=5.6.8)
org.springframework.security:spring-security-core MAVEN version =5.6.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =1.3.1.RELEASE, =0.2.0, =0.8.3, =2.1.0.M8, =1.0.0, =2.7.0.Beta3, =2.7.0.Beta4, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.RC1 and more Source cves: CVE-2022-31692 Source advisory:...
PT-2022-20890
Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.6 through 5.6.8; Spring Security versions 5.7 through 5.7.4. Description: The issue allows a malicious user or attacker to modify a request initiated by the Client to the Authorization Server, potentially leading to a...
This Week in Spring - October 25th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! When last we spoke, I was in Las Vegas, NV, for the JavaOne show. It was amazing! I'm in sunny Singapore, then off to Malaysia and Thailand. It's the first time I've been to any of these places since 2019! How good it is to be...
CVE-2022-1061
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8...
com.day.cq:cq-personalization (>=5.4.0 <=5.6.8), org.apache.sling:org.apache.sling.servlets.post (>=2.1.0 <=3.0.2) potentially affected by CVE-2012-3353 via org.apache.sling:org.apache.sling.jcr.contentloader (>=2.0.4-incubator <=2.1.4)
org.apache.sling:org.apache.sling.jcr.contentloader MAVEN version =2.0.4-incubator, =5.4.0, =2.1.0, =3.0.2 Source cves: CVE-2012-3353 Source advisory: OSV:GHSA-WJP3-4XCQ-598P...
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2
This vulnerability is of type heap-buffer-overflow. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.6.8 and latest master branch 5a9e0a19ba07e35382776fed9da2649ac824f526, updated in M...