57 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011277)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011277 advisory. In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. Tenable has extracted the preceding description block directly from the Unit...
CVE-2025-12886 Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laboratorcalcroute AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicati...
GHSA-R5J5-Q42H-FC93 Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting
Summary: This advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validate...
CVE-2025-69299
Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery. This issue affects Oxygen: from n/a through <= 6.0.8...
BIT-GHOST-2025-9862 Ghost 6.0.6 - SSRF via oEmbed Bookmark
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...
WordPress Poll Maker plugin <= 6.0.7 - Authenticated (Administrator+) SQL Injection via `filterbyauthor` Parameter vulnerability
Authenticated (Administrator+) SQL Injection via filterbyauthor Parameter vulnerability discovered by type5afe in WordPress Plugin Poll Maker versions <= 6.0.7...
EUVD-2019-6119
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414326)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414326 advisory. In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. Tenable has extracted the preceding description block directly from th...
EUVD-2023-1417
Malicious code in bioql PyPI...
CVE-2025-9862
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...
PT-2025-37860
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.99.0 through 5.130.3; Ghost versions 6.0.0 through 6.0.8. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Ghost that allows an attacker to access internal resources. The vulnerability is present in Ghost’s...
Linux Distros Unpatched Vulnerability : CVE-2023-26544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size...
PT-2024-9822 · Fortinet · Forticlientems
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 1.2.1 through 1.2.5; Fortinet FortiClientEMS versions 6.0.0 through 6.0.8; Fortinet FortiClientEMS versions 6.2.0 through 6.2.9; Fortinet FortiClientEMS versions 6.4.0 through 6.4.9; Fortinet FortiClientEMS versio...
CVE-2022-47432
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB: from n/a through 6.0.8...
CVE-2023-37892
Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions...
WordPress Page Visit Counter Plugin <= 6.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Page Visit Counter; Type: Plugin; Vulnerable versions: <= 6.0.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2a559c6794f4; Credits: Rafie Muhammad Patchstack...
Spring Framework Security Vulnerability
Spring Framework is an open source Java and JavaEE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework that originates from a denial of service (DoS) by supplying a specially crafted Sp...
OESA-2023-1156 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. (CVE-2023-26607)...
SUSE CVE-2023-26606
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c...