CVE-2026-2396

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-2396 List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Zabbix 6.0.x < 6.0.42 / 7.0.x < 7.0.19 / 7.2.x < 7.2.13 / 7.4.x < 7.4.3 DoS (ZBX-27284)

The version of Zabbix Server installed on the remote host is affected by a vulnerability. An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service. Note...

Azure Linux 3.0 Security Update: valkey (CVE-2025-21605)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21605 advisory. - Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to...

OESA-2025-2862 redis6 security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

TencentOS Server 4: redis (TSSA-2025:0376)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0376 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: redis:6 (TSSA-2025:0449)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0449 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Fortinet FortiClientWindows 安全漏洞

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exis...

Fortinet FortiManager Insertion of Sensitive Information Into Sent Data in csfd daemon (FG-IR-24-228)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-228 advisory. - A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0...

PT-2025-41963

Name of the Vulnerable Software and Affected Versions FortiClientMac versions 7.0 through 7.2.11 FortiClientMac versions 7.4.0 through 7.4.3 Description An incorrect permission assignment for a critical resource may allow a local attacker to run arbitrary code or commands via LaunchDaemon...

EUVD-2025-22464

Malicious code in bioql PyPI...

CVE-2025-43785

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

Linux Distros Unpatched Vulnerability : CVE-2022-29248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not...

CVE-2025-43736

MODE C Vulnerability: CVE-2025-43736 affects Liferay Portal 7.4.3.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.8 (and older 2024 Qx bundles) where uploading a profile picture larger than 300 KB (exceeding the documented 300 KB limit) can cause service slowdown / potential Denial of Service. Root...

CVE-2025-5196

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The...

Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345)

Summary IBM QRadar SIEM is vulnerable to cross site scripting XSS. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22320 DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...

Important: valkey

Issue Overview: Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not...

BIT-REDIS-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

BIT-KEYDB-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...