SUSE CVE-2026-33906
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tamper...
CVE-2026-1943
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...
CVE-2026-1381
The Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-67738
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the "cms" security option...
EUVD-2025-202665
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the "cms" security option...
EUVD-2016-9796
Malware in sbrugna...
EUVD-2013-1831
Malware in sbrugna...
EUVD-2002-2257
Malware in sbrugna...
EUVD-2023-44121
Malicious code in bioql PyPI...
SUSE CVE-2025-52992
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...
CVE-2024-13519
The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-13519
CVE-2024-13519 (MarketKing – Ultimate WooCommerce Multivendor Marketplace Solution) has concrete details in connected records. The vulnerability affects the MarketKing WordPress plugin (MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution) and is a Stored Cross-Site Scripting flaw e...
CVE-2024-9779 Open-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokens
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named...
PT-2024-7973 · Nvidia · Nvidia Virtual Gpu Manager
Name of the Vulnerable Software and Affected Versions: NVIDIA Virtual GPU Manager (affected versions not specified). Description: The issue is related to incorrect permission assignment for a critical resource in the NVIDIA Virtual GPU Manager component. This could allow an attacker to gain...
CVE-2024-6703
CVE-2024-6703 affects the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder.” The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping in the description and btn_txt parameters, exploi...
CVE-2024-2752
CVE-2024-2752 concerns the WordPress WooCommerce extension Where Did You Hear About Us Checkout Field for WooCommerce. The connected Red Hat CVE entry confirms the issue as a Stored Cross-Site Scripting vulnerability via order meta in all versions up to and including 1.3.1, caused by insufficient...
Code injection
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference : 1998663...
CVE-2013-1810
Multiple cross-site scripting (XSS) vulnerabilities in core/summaryapi.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summaryprintbycategory function or (2) project name in the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in core/summaryapi.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summaryprintbycategory function or (2) project name in the...