Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004466)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004466 advisory. An issue was discovered in the Linux kernel before 5.9.3. iouring takes a non-refcounted reference to the filesstruct of the process that submitted a request, causin...

CVE-2022-35587

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...

CVE-2022-35590

A cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...

EUVD-2024-45918

Malicious code in bioql PyPI...

EUVD-2022-6602

Malicious code in bioql PyPI...

EUVD-2023-51112

Malicious code in bioql PyPI...

EUVD-2022-6600

Malicious code in bioql PyPI...

EUVD-2022-6523

Malicious code in bioql PyPI...

CVE-2023-46953

SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module...

CVE-2022-35589

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter...

CVE-2021-37787

The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module...

PT-2025-2035 · Sonaar · Mp3 Audio Player – Music Player

Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.9.3 Description: The issue is related to Stored Cross-Site Scripting via Podcast RSS Feed due to insufficient input...

WordPress plugin Premium Packages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress Premium Packages - Sell Digital Products Securely plugin <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link Shortcode vulnerability

WordPress Premium Packages - Sell Digital Products Securely plugin = 5.9.3 - Authenticated Contributor+ Stored Cross-Site Scripting via wpdmpppaylink Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WPDM – Premium Packages versions = 5.9.3...

WordPress Premium Packages Plugin <= 5.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Premium Packages Type Plugin Vulnerable versions = 5.9.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10164 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e294ff14d79a Credits Peter Thaleikis Required...

WordPress plugin Premium Packages SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

PT-2024-35275 · W3 Eden · W3 Eden

Name of the Vulnerable Software and Affected Versions: W3 Eden, Inc. Premium Packages versions n/a through 5.9.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

WordPress Premium Packages Plugin <= 5.9.5 is vulnerable to SQL Injection

Software Premium Packages Type Plugin Vulnerable versions = 5.9.5 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-52435 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID d5408dddb735 Credits Jorge Diaz ddiax Required privilege Administrator...

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-6127

CVE-2024-6127 affects BC Security Empire before 5.9.3. It is a path-traversal vulnerability that can enable remote code execution. An unauthenticated attacker can trigger the issue over HTTP by acting as a normal agent, completing cryptographic handshakes, and uploading payload data containing a ...