64 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in cgal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...

CVSS: 10, AI score: 7.7, EPSS: 0.00678
Exploits: 1, References: 2

Cvelist
added 2026/04/08 8:25 p.m., 22 views

CVE-2026-5436 MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

CVSS: 8.1, EPSS: 0.00145
Exploits: 0, References: 5

CVE
added 2026/04/08 7:55 p.m., 11 views

CVE-2026-39863

CVE-2026-39863 affects the Kamailio core (formerly OpenSER/SER). Prior to versions 5.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core allows remote attackers to cause a denial of service via a specially crafted data packet sent over TCP. Impact is on Kamailio instances with TCP or TLS ...

CVSS: 7.5, AI score: 6, EPSS: 0.00047
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/02/18 1:19 p.m., 4 views

WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WpEvently versions <= 5.1.1...

CVSS: 9.8, AI score: 5.5, EPSS: 0.00061
Exploits: 0, Affected Software: 1

NVD
added 2026/02/03 3:16 p.m., 3 views

CVE-2026-24942

Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1...

CVSS: 4.3, EPSS: 0.0002
Exploits: 0, References: 1

Cvelist
added 2026/02/03 2:08 p.m., 18 views

CVE-2026-24942 WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1...

CVSS: 4.3, EPSS: 0.0002
Exploits: 0, References: 1

RedhatCVE
added 2026/01/01 9:12 a.m., 3 views

CVE-2025-62146

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maksym Marko MX Time Zone Clocks mx-time-zone-clocks allows Stored XSS. This issue affects MX Time Zone Clocks: from n/a through <= 5.1.1...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00024
Exploits: 0, References: 1

Patchstack
added 2025/12/11 12:40 a.m., 5 views

WordPress RSS Aggregator by Feedzy plugin <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Feedzy versions <= 5.1.1...

CVSS: 5.8, AI score: 6.8, EPSS: 0.00075
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/11/03 10:46 p.m., 1 views

CVE-2025-12357

By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close...

CVSS: 6.3, AI score: 6.8, EPSS: 0.00007
Exploits: 0, References: 1

Positive Technologies
added 2025/10/31 12:00 a.m., 2 views

PT-2025-44639

Name of the Vulnerable Software and Affected Versions: ISO 15118-2 compliant EV charging systems (affected versions not specified) Description: A flaw exists in the Signal Level Attenuation Characterization (SLAC) protocol used in electric vehicle (EV) charging systems that adhere to the ISO 15118-2...

CVSS: 6.3, AI score: 5.9, EPSS: 0.00007
Exploits: 0, References: 9

Tenable Nessus
added 2025/10/09 12:00 a.m., 2 views

AlmaLinux 10 : valkey (ALSA-2025:11401)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11401 advisory. redis: Redis Stack Buffer Overflow (CVE-2025-27151); redis: Redis Unauthenticated Denial of Service (CVE-2025-48367); redis: Redis Hyperloglog Out-of-Bounds...

CVSS: 9.8, AI score: 7, EPSS: 0.18438
Exploits: 4, References: 5

RedHat Linux
added 2025/09/29 5:36 p.m., 3 views

Important: Red Hat Security Advisory: Red Hat Offline Knowledge Portal update

This is an update for the Red Hat Offline Knowledge Portal that updates the content as of 25 Sep 2025. It also contains a mitigation for CVE-2025-5115, as well as a small fix for the CVE and Errata search applications that adds a trailing slash to search resu...

CVSS: 7.7, AI score: 6.9, EPSS: 0.00529
Exploits: 0, References: 5

Cvelist
added 2025/09/22 6:23 p.m., 7 views

CVE-2025-58260 WordPress Highlight and Share – Social Text and Image Sharing plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Stored XSS. This issue affects Highlight and Share: from n/a through <= 5.1.1...

CVSS: 6.5, EPSS: 0.00032
Exploits: 0, References: 1

CNNVD
added 2025/09/22 12:00 a.m., 1 views

WordPress plugin Highlight and Share – Social Text and Image Sharing cross-site scripting vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00032
Exploits: 0, References: 2

CNNVD
added 2025/09/19 12:00 a.m., 2 views

BlueSpice security vulnerability

BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice versions 5 through 5.1.1, which stems from improper output encoding or escaping and could lead to cross-site scripting attacks...

CVSS: 6.4, AI score: 6, EPSS: 0.00036
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/20 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-8116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to...

CVSS: 7.5, AI score: 8.1, EPSS: 0.00764
Exploits: 1, References: 2

CNNVD
added 2025/06/23 12:00 a.m., 3 views

Mitel OpenScape Accounting Management security vulnerability

Mitel OpenScape Accounting Management is an application for managing and tracking communication costs from Mitel Canada. A security vulnerability exists in Mitel OpenScape Accounting Management V5 R1.1.0 and earlier versions, which stems from insufficient user input cleanup leading to a path...

CVSS: 7.2, AI score: 6.7, EPSS: 0.00814
Exploits: 0, References: 3

RedhatCVE
added 2025/05/23 8:17 a.m., 2 views

CVE-2024-35684

Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress. This issue affects ElasticPress: from n/a through <= 5.1.1...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00123
Exploits: 0, References: 1

Positive Technologies
added 2024/10/21 12:00 a.m., 1 views

PT-2024-29025 · Joomla · Hikashop

Name of the Vulnerable Software and Affected Versions: HikaShop Joomla Component versions prior to 5.1.1 Description: A stored cross-site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload in the...

CVSS: 5.4, AI score: 6.3, EPSS: 0.00143
Exploits: 0, References: 4

OSV
added 2024/10/08 4:15 p.m., 1 views

DEBIAN-CVE-2024-45230

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

CVSS: 7.5, AI score: 6.5, EPSS: 0.02254
Exploits: 0, References: 1