USN-8029-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

ISC BIND 9.16.0 < 9.18.41 / 9.16.8-S1 < 9.18.41-S1 / 9.18.0 < 9.18.41 / 9.18.11-S1 < 9.18.41-S1 / 9.20.0 < 9.20.15 / 9.20.9-S1 < 9.20.15-S1 / 9.21.0 < 9.21.14 Vulnerability (cve-2025-40780)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40780 advisory. - In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for a...

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

CVE-2026-1893 Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

PT-2026-7484

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn label' parameter in the 'orbisius random name generator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes i...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

PowerDocu 代码问题漏洞

PowerDocu is a canvas generation software developed by Rene Modery. Versions of PowerDocu prior to 2.4.0 had code vulnerabilities. These vulnerabilities stemmed from blindly trusting the $type attribute during the parsing of JSON files, which could lead to code execution...

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.4...

CVE-2026-24903 OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

OrcaStatLLM Researcher 跨站脚本漏洞

OrcaStatLLM Researcher is an open-source research paper generator based on large models, developed by AlgoNet Lab. OrcaStatLLM Researcher has a cross-site scripting vulnerability. This vulnerability arises from improper handling of malicious research topic inputs in the log messages of the sessio...

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVE-2026-0681

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-0681 Extended Random Number Generator <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Extended Random Number Generator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

PT-2026-6019

Name of the Vulnerable Software and Affected Versions Extended Random Number Generator versions prior to 1.2 Description The Extended Random Number Generator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin settings. Insufficient input sanitization and output...

PT-2026-6655

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.0.0 SurveyJS PDF Generator versions 1.12.58 and lower SurveyJS PDF Generator versions 2.5.4 and lower Description A local file inclusion or path traversal issue was identified in jsPDF. Because SurveyJS PDF Generator...