PT-2026-43501

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ntfs: fixed a use-after-free in ntfsattrfind The patch series “ntfs: fix bugs about Attribute”, version 2. This patchset fixes three bugs related to Attribute in records: Patch 1 adds a sanity check to ensure that the...

RLSA-2026:17481 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

rsync security update

An update is available for rsync. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rsync utility enables the users to copy and synchronize files locally or...

ALSA-2026:17481 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

CVE-2026-2300

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...

RHCOS 4 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4459 advisory. - golang: net/http, net/textproto: denial of service from excessive memory allocation CVE-2023-24534 - golang: html/template: improp...

EUVD-2026-26625

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via nfctexpectalloc. When CTAEXPECTNAT is not present in the netlink message, savedad...

CVE-2026-4078

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006776)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006776 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VMPAT handling in COW mappings PAT handling won't do the right thing in COW...

EUVD-2026-7435

ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write...

CVE-2026-25968

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versio...

PT-2026-5243

Name of the Vulnerable Software and Affected Versions Drupal Central Authentication System CAS Server versions prior to 2.0.3 Drupal Central Authentication System CAS Server versions 2.1.0 through 2.1.1 Description The Central Authentication System CAS Server module for Drupal does not adequately...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992867)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992867 advisory. In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series ntfs: fix bugs about Attribute, v2. This...

CVE-2023-54262 net/mlx5e: Don't clone flow post action attributes second time

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

EUVD-2025-201620

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define actions for the new timedeleg FATTR4 attributes NFSv4 clients won't send legitimate GETATTR requests for these new attributes because they are intended to be used only with CBGETATTR and SETATTR. But NFSD has to do...

Linux Distros Unpatched Vulnerability : CVE-2025-40148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dcstream cursor attribute functions The function...

PT-2025-46205

Name of the Vulnerable Software and Affected Versions ProsemirrorToHtml versions 0.2.0 and below Description The prosemirror to html gem contains a flaw that allows for Cross-Site Scripting XSS attacks. This is due to improper handling of HTML attribute values during the conversion of...

USN-7852-1 libxml2 vulnerability

It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This update adds a fix to libxml2 to mitigate the libxslt vulnerability...

CVE-2025-9710 Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments

The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks...