12 matches found
CVE-2025-15546
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000228)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000228 advisory. In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. Tenable has...
CVE-2025-2421
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...
CVE-2025-2488 XSS in Profelis Informatics' SambaBox
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS). This issue affects SambaBox: before 5.1...
CVE-2025-2421
CVE-2025-2421 affects SambaBox (Profelis Informatics) prior to version 5.1. The root cause is improper control of code generation, enabling a code injection vulnerability. Multiple sources consistently describe impact as code injection with a high severity risk; CVSS metrics in the initial entry ...
HikaShop Joomla Component Cross-Site Scripting Vulnerability
HikaShop Joomla Component is an e-commerce component from HikaShop that is used in the Joomla content management system. A security vulnerability exists in HikaShop Joomla Component versions prior to 5.1.1, which stems from vulnerability to a stored cross-site scripting attack that allows a remot...
Intel DCM software Security Vulnerability
Intel DCM software is an application from Intel Corporation (USA). A security vulnerability exists in Intel DCM software versions prior to 5.0.1, which arises from insufficiently protected credentials. An attacker could exploit the vulnerability to cause information disclosure...
OPSWAT MetaDefender Core Security Vulnerability
OPSWAT MetaDefender Core (OPSWAT MDCore) is a multi-engine anti-malware software from OPSWAT, Inc. It prevents the upload of malicious files on web applications that bypass sandboxing and other detection-based security solutions. A security vulnerability exists in OPSWAT MetaDefender Core versions...
Avada theme for WordPress cross-site scripting vulnerability
Avada theme for WordPress is a responsive multipurpose theme plugin for use in WordPress. A cross-site scripting vulnerability exists in Avada theme for WordPress versions prior to 5.1.5. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
Oracle VM VirtualBox Elevation of Privilege Vulnerability (CNVD-2018-02061)
Oracle Virtualization is a set of hardware and software virtualization management solutions from the American company Oracle. Oracle VM VirtualBox is one of the virtual machine components. A security vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization, versions...
Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2017-17505)
VirtualBox is cross-platform virtualization software for x86-based systems. A security vulnerability exists in the Core component implementation of Oracle VM VirtualBox versions prior to 5.1.24, which can be exploited by attackers to compromise the confidentiality, integrity, and availability of ...
PYSEC-2011-21
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...