3592 matches found
CLSA-2026-1776762459 harfbuzz: Fix of CVE-2023-25193
CVE-2023-25193: optimize looking back for base glyphs in hb-ot-layout-gsubgpos-private.hh...
CVE-2026-6703
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
EUVD-2026-24069
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
CVE-2026-6703 Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
CVE-2026-6703
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
CVE-2026-6703 Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
PT-2026-33919
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011395)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011395 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proclayoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client shou...
firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Layout: Text and Fonts component...
firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Layout: Text and Fonts component...
Apache Log4net: Silent Log Event Loss In XmlLayout And XmlLayoutSchemaLog4J Due To Unescaped XML 1.0 Forbidden Character
Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...
CLSA-2026-1776443255 libxslt: Fix of CVE-2023-40403
CVE-2023-40403: make generate-id deterministic to prevent memory layout leak...
CVE-2026-6486
A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...
CVE-2026-6486
CVE-2026-6486 affects classroombookings up to version 2.17.0; the read() function in crbs-core/application/views/layout.php (User Display Name Handler) is vulnerable to cross-site scripting via the displayname argument. Exploitation is possible remotely; exploitation is documented as PoC. A fix i...
CVE-2026-6486 classroombookings User Display Name layout.php read cross site scripting
A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...
[SECURITY] Fedora 44 Update: kcm_wacomtablet-6.6.4-1.fc44
This module implements a GUI for the Wacom Linux Drivers and extends it with profile support to handle different button/pen layouts per profile...
firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Layout: Text and Fonts component...
firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Layout: Text and Fonts component...
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...