CVE-2025-5088

creationtimestamp| type| source ---|---|--- 2026-06-05 19:26:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnkume56ia2u 2026-06-05 19:50:03+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mnkvvrkemq23...

CVE-2026-5088

creationtimestamp| type| source ---|---|--- 2026-04-15 08:08:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjgw5ubnq2z 2026-04-15 15:55:33+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mjkazid6lm2s 2026-04-15 16:00:33+00:00| seen|...

CVE-2026-5088

CVE-2026-5088 affects Apache::API::Password for Perl up to version 0.5.2, where salts may be generated with non-cryptographically secure randomness. The _make_salt and _make_salt_bcrypt routines attempt Crypt::URandom and Bytes::Random::Secure; if these modules are unavailable, salts are produced...

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

MiracleLinux 9 : lua-5.4.2-4.el9.3 (AXSA:2023-5088:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5088:01 advisory. lua: heap buffer overflow in luaGerrormsg in ldebug.c due to uncontrolled recursion in error handling CVE-2022-33099 Tenable has extracted the preceding...

TencentOS Server 4: qemu (TSSA-2024:0869)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0869 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2024-5088

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVE-2018-5088

In K7 AntiVirus 15.1.0306, the driver file K7FWHlpr.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C...

[SECURITY] [DLA 4144-1] qemu security update

Debian LTS Advisory DLA-4144-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón April 30, 2025 https://wiki.debian.org/LTS Package : qemu Version : 1:5.2+dfsg-11+deb11u4 CVE ID : CVE-2023-1544 CVE-2023-3019 CVE-2023-5088 CVE-2023-6693 CVE-2024-3447 Debian Bug...

Advisory ROSA-SA-2025-2814

Software: qemu-kvm 6.2.0 OS: ROSA Virtualization 3.0 packageevrstring: qemu-kvm-6.2.0-53.rv30.2 CVE-ID: CVE-2021-3750 BDU-ID: 2024-04421 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the QEMU hardware emulator is related to a lack of checks to see if the buffer pointer overlaps with the MMIO...

CBL Mariner 2.0 Security Update: qemu (CVE-2023-5088)

The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5088 advisory. - A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted ...

CVE-2023-5088 affecting package qemu for versions less than 6.2.0-21

CVE-2023-5088 affecting package qemu for versions less than 6.2.0-21. A patched version of the package is available...

Linux Distros Unpatched Vulnerability : CVE-2023-5088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the...

Linux Distros Unpatched Vulnerability : CVE-2012-5088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect...

CVE-2019-5088

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sendin...

Mageia: Security Advisory (MGASA-2024-0387)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

virt:ol and virt-devel:rhel security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt 8.0.0-23.1.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma 8.0.0-23.1.el8 - remote: check for negative array lengths before allocation CVE-2024-2494...

RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:2962)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2962 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...

CVE-2024-5088 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVE-2024-5088

CVE-2024-5088 affects Happy Addons for Elementor (WordPress) and is a Stored XSS via the _id parameter in all versions up to 3.10.8. Exploitation requires authentication at Contributor level or higher, enabling an attacker to inject scripts that execute on pages accessed by other users. Patch/mit...