62 matches found
CVE-2026-5938
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...
CVE-2026-5938 Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...
MINI-8CQ6-2297-5938
Bulletin has no description...
CVE-2025-5938
CVE-2025-5938 relates to the WordPress plugin “Digital Marketing and Agency Templates Addons for Elementor.” The issue is a Cross-Site Request Forgery caused by missing or incorrect nonce validation in the import_templates() function, affecting all versions up to and including 1.1.1. This enables...
CVE-2025-5938 Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import
The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates function. This makes it possible for...
DSA-5938-1 python-tornado - security update
Bulletin has no description...
CVE-2019-5938
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'...
CVE-2024-5938 Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2023-5938 Path traversal via 'zip slip' in Arc before v1.6.0
Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files...
GHSA-5938-79HG-XH3Q
creationtimestamp | type | source
---|---|---
2023-12-21 19:26:38+00:00 | seen | https://t.me/ctinow/157906...
Ubuntu 22.04 LTS : Linux kernel (GKE) vulnerabilities (USN-5938-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5938-1 advisory. It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain...
Security Bulletin: Privilege escalation attacks possible due to improper file ownership/permissions in IBM InfoSphere Information Server (CVE-2012-5938).
Abstract Security Bulletin: Privilege escalation attacks possible due to improper file ownership/permissions in IBM InfoSphere Information Server CVE-2012-5938. Content Security Bulletin: Privilege escalation attacks possible due to improper file ownership/permissions in IBM InfoSphere Informatio...
CVE-2020-5938
The CVE concerns F5 BIG-IP IPsec negotiation where, during tunnel setup with authenticated peers, the peer may agree on a key length outside the BIG-IP‑configured policy. Affected BIG‑IP versions: 11.6.1–11.6.5.2, 12.1.0–12.1.5.x, and 13.1.0–13.1.3.4. The vulnerability can lead to weaker-than-con...
F5 Networks BIG-IP : F5 IPsec vulnerability (K76610106)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K76610106 advisory. When negotiating IPsec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the...
CVE-2019-5938
CVE-2019-5938 is a stored cross-site scripting vulnerability in Cybozu Garoon’s Mail application, affecting Cybozu Garoon 4.0.0 to 4.10.1. The issue allows remote attackers to inject arbitrary web script or HTML via the Mail component. Exploitation details are not provided in the connected docume...
Apple Mac OS X Multiple Vulnerabilities-03 (HT205375)
Apple Mac OS X is prone to multiple vulnerabilities.
Debian: Security Advisory (DLA-820-1)
The remote host is missing an update for the Debian...
CVE-2017-1000019
CVE-2017-5938 describes a Cross-site Scripting (XSS) vulnerability in the nav_path function of ViewVC (lib/viewvc.py). It allows remote attackers to inject arbitrary web script or HTML via the nav_data name. Affected versions are ViewVC before 1.0.14 and 1.1.x before 1.1.26. The issue is fixed in...