35 matches found

Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000314 advisory. The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be...

CVSS 4.1 | AI score 6.5 | EPSS 0.00077
Exploits 0 | References 4

RedhatCVE
added 2025/10/31 10:7 p.m. | 3 views

CVE-2022-50586

Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.4 | AI score 6.2 | EPSS 0.00478
Exploits 0 | References 1

RedhatCVE
added 2025/10/31 10:7 p.m. | 3 views

CVE-2022-50585

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...

CVSS 5.4 | AI score 6.1 | EPSS 0.00478
Exploits 0 | References 1

OSV
added 2025/10/30 10:15 p.m. | 1 views

CVE-2022-50586

Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 2

OSV
added 2025/10/30 10:15 p.m. | 1 views

CVE-2022-50585

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...

CVSS 5.4 | AI score 5.9 | EPSS 0.00478
Exploits 0 | References 2

CVE
added 2025/10/30 9:45 p.m. | 8 views

CVE-2022-50586

CVE-2022-50586 affects Nagios XI pre-5.8.9 with stored XSS in the BPI component’s info URL field. Root cause: insufficient validation/escaping of user-supplied input, enabling injection of arbitrary script into a victim’s browser. Impact is described as cross-site scripting in Nagios XI web UI; n...

CVSS 5.4 | AI score 5.8 | EPSS 0.00478
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2025/10/30 9:45 p.m. | 5 views

CVE-2022-50586 Nagios XI < 5.8.9 Stored XSS via BPI Info URL

Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.1 | AI score 5.8 | EPSS 0.00478
Exploits 0 | References 2

Cvelist
added 2025/10/30 9:45 p.m. | 5 views

CVE-2022-50588 Nagios XI < 5.8.9 Stored XSS in Update Checking

Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the update checking feature. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.1 | EPSS 0.00478
Exploits 0 | References 2

Positive Technologies
added 2025/10/30 12:0 a.m. | 3 views

PT-2025-44482

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to CCM 3.1.7; Nagios XI versions prior to 5.8.9. Description: The Core Config Manager (CCM) in Nagios XI is susceptible to a cross-site scripting (XSS) issue through the Audit Log page search input. A lack of proper input...

CVSS 5.4 | AI score 5.9 | EPSS 0.00478
Exploits 0 | References 4

Positive Technologies
added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44484

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.9. Description: The software is susceptible to a cross-site scripting (XSS) issue through the Apply Configuration error text. A lack of proper input validation or escaping of user-provided data could enable an...

CVSS 5.4 | AI score 6 | EPSS 0.00478
Exploits 0 | References 4

CNNVD
added 2025/10/30 12:0 a.m. | 2 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.8.9, which stems from insufficient validation...

CVSS 5.4 | AI score 5.9 | EPSS 0.00478
Exploits 0 | References 2

Positive Technologies
added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44483

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.9. Description: The software is susceptible to cross-site scripting (XSS) within the BPI component through manipulation of the info URL field. A lack of proper input validation or escaping could enable an attacker t...

CVSS 5.4 | AI score 5.8 | EPSS 0.00478
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-47515

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00614
Exploits 0 | References 6

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-22636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injectin...

CVSS 8.8 | AI score 8.6 | EPSS 0.04769
Exploits 1 | References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-47016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 5.8.9 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian.h. CVE-2023-47016 Note th...

CVSS 7.5 | AI score 6.8 | EPSS 0.00179
Exploits 1 | References 2

CVE
added 2025/08/16 2:24 a.m. | 13 views

CVE-2024-12575

CVE-2024-12575 relates to the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls (≤ 5.8.9). The vulnerability is an unauthenticated basic information exposure exposed via the ajax action ays_finish_poll, allowing attackers to retrieve admin email information from poll respon...

CVSS 5.3 | AI score 6.7 | EPSS 0.0011
Exploits 0 | References 2

Cvelist
added 2025/08/16 2:24 a.m. | 5 views

CVE-2024-12575 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'aysfinishpoll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information...

CVSS 5.3 | EPSS 0.0011
Exploits 0 | References 2

Vulnrichment
added 2025/08/16 2:24 a.m. | 2 views

CVE-2024-12575 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'aysfinishpoll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information...

CVSS 5.3 | AI score 6.8 | EPSS 0.0011
Exploits 0 | References 2

OSV
added 2024/07/10 5:15 a.m. | 3 views

CVE-2024-6411

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pmuploadimage' AJAX action. This makes it possible for authenticated...

CVSS 8.8 | AI score 5.8 | EPSS 0.00614
Exploits 0 | References 6

CNNVD
added 2024/07/10 12:0 a.m. | 2 views

WordPress plugin ProfileGrid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 | AI score 7 | EPSS 0.00209
Exploits 0 | References 5