Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-1335)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1335 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...
CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...
CVE-2019-16334
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories - Add New Category - Name field. NOTE: this may overlap CVE-2017-16636...
CVE-2025-14371
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the taxopressaiaddpostterm function in all versions up to, and including, 3.41.0. This makes it possible for authenticat...
CVE-2025-1592
A vulnerability was found in SourceCodester Best Employee Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/Operations/Role.php of the component Add Role Page. The manipulation of the argument assignname/description...
CVE-2019-12739
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...
CVE-2025-13519
CVE-2025-13519 involves the SVG Map Plugin for WordPress. The vulnerability is a CSRF issue (CSRF to Settings Update) and Stored XSS in the SVG Map Plugin
REDAXO security vulnerability
REDAXO is an open source content management system. REDAXO versions prior to 5.20.2 contain a security vulnerability that stems from a path traversal in the file export function of the Backup add-on, which could cause a user with backup privileges to read arbitrary files in the webro...
PT-2026-2114
Name of the Vulnerable Software and Affected Versions: ClipBucket versions 5.5.2 through 5.5.2-187. Description: ClipBucket v5 is a video sharing platform susceptible to a Blind SQL Injection issue. The flaw exists within the add comment section of a channel. An attacker can exploit this by sending ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000416)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000416 advisory. An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized...
Medium: oci-add-hooks
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
CVE-2020-36906 P5 FNIP-8x16A FNIP-4xSH 1.0.20 Cross-Site Request Forgery via User Management
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
CVE-2020-36906
The connected documents jointly confirm a cross-site request forgery (CSRF) vulnerability in P5 FNIP-8x16A and FNIP-4xSH devices running version 1.0.20. The root cause is a CSRF flaw that allows an attacker to trigger administrative actions without user consent by forcing an authenticated user to...
mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
...
CVE-2025-12067 Table Field Add-on for ACF and SCF <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content
The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SUSE CVE-2025-11777
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...
PT-2026-1441
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
PT-2026-1421
Name of the Vulnerable Software and Affected Versions: The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress versions through 3.41.0. Description: The software contains a flaw that allows unauthorized modification of data. Specifically, a missing capability check...
PT-2026-1419
Name of the Vulnerable Software and Affected Versions: Table Field Add-on for ACF and SCF plugin for WordPress versions up to and including 1.3.30. Description: The software is susceptible to Stored Cross-Site Scripting through the Table Cell Content due to inadequate input sanitization and output...
WordPress Table Field Add-on for ACF and SCF plugin <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Table Cell Content vulnerability discovered by shark3y in WordPress Plugin Table Field Add-on for ACF and SCF versions <= 1.3.30...