6426 matches found

Patchstack
added 2026/01/07 8:0 a.m., 4 views

WordPress SVG Map Plugin plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin SVG Map Plugin versions <= 1.0.0...

CVSS 6.1, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 1, Affected Software: 1
Amazon
added 2026/01/07 12:0 a.m., 13 views

Important: amazon-ssm-agent

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. (CVE-2025-22874) Proxy-Authorization and Proxy-Authenticate headers...

CVSS 7.5, AI score 6.8, EPSS 0.00586
Exploits: 2
CNNVD
added 2026/01/07 12:0 a.m., 2 views

WordPress plugin SVG Map Plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site reques...

CVSS 6.1, AI score 6.5, EPSS 0.00115
Exploits: 0, References: 3
CNNVD
added 2026/01/07 12:0 a.m., 2 views

WordPress plugin Multi-column Tag Map cross-site scripting vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPres...

CVSS 4.4, AI score 5.8, EPSS 0.003
Exploits: 0, References: 4
CNNVD
added 2026/01/07 12:0 a.m., 2 views

iccDEV buffer error vulnerability

iccDEV is a color configuration codebase open-sourced by the International Color Consortium (ICC). A buffer error vulnerability exists in versions prior to iccDEV 2.3.1.2, which stems from a heap buffer overflow in the ToneMap parser...

CVSS 7.8, AI score 7.1, EPSS 0.00179
Exploits: 1, References: 6
Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1591

Name of the Vulnerable Software and Affected Versions: SVG Map Plugin for WordPress versions prior to 1.0.1. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’,...

CVSS 6.1, AI score 6.4, EPSS 0.00115
Exploits: 0, References: 5
Positive Technologies
added 2026/01/07 12:0 a.m., 2 views

PT-2026-1616

Name of the Vulnerable Software and Affected Versions: Multi-column Tag Map versions prior to 17.0.40. Description: The Multi-column Tag Map plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow...

CVSS 4.4, AI score 5.3, EPSS 0.003
Exploits: 0, References: 6
Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-2070

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A heap buffer overflow exists in the ToneMap parser in versions prior to...

CVSS 7.8, AI score 7.1, EPSS 0.00179
Exploits: 1, References: 9
Tenable Nessus
added 2026/01/07 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000342)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000342 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in...

CVSS 9.3, AI score 6.4, EPSS 0.03293
Exploits: 1, References: 4
Tenable Nessus
added 2026/01/07 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000516)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000516 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses. There are two array out-of-bounds memory accesses, on...

CVSS 7.1, AI score 6.5, EPSS 0.00252
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/07 12:0 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000387)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000387 advisory. A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a...

CVSS 4.7, AI score 6.4, EPSS 0.00387
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/07 12:0 a.m., 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000374)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000374 advisory. An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single a...

CVSS 7.5, AI score 6.8, EPSS 0.06236
Exploits: 0, References: 4
Patchstack
added 2026/01/06 11:16 p.m., 4 views

WordPress Multi-column Tag Map plugin <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter vulnerability discovered by Bhayanak Atma in WordPress Plugin Multi-column Tag Map versions <= 17.0.39...

CVSS 4.4, AI score 5.5, EPSS 0.003
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/01/06 8:23 p.m., 21 views

CVE-2026-21492 iccDEV ToneMap Writer has NULL Pointer Member Call

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV libra...

CVSS 5.5, EPSS 0.00161
Exploits: 1, References: 5
CVE
added 2026/01/06 8:23 p.m., 10 views

CVE-2026-21492

CVE-2026-21492 affects the iccDEV library used for ICC color profile handling. Versions prior to 2.3.1.2 contain a NULL pointer member call vulnerability in the ToneMap Writer. The issue can trigger dereferencing of a null pointer when processing profiles. Version 2.3.1.2 includes a patch. No pub...

CVSS 5.5, AI score 6.4, EPSS 0.00161
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2026/01/05 10:15 p.m., 5 views

CVE-2025-68454

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...

CVSS 8.8, EPSS 0.00787
Exploits: 1, References: 3
Snyk
added 2026/01/05 6:10 p.m., 3 views

Template Injection

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the map filter in Twig templates when processing text fields that accept Twig input in the control panel settings or through the System Messages utility. An attacker ca...

CVSS 8.8, AI score 7.8, EPSS 0.00787
Exploits: 1, References: 2
OSV
added 2026/01/05 6:10 p.m., 4 views

GHSA-742X-X762-7383 Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI

For this to work, users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against Craft CMS' recommendations for any non-dev environment...

CVSS 7.7, AI score 6.7, EPSS 0.00787
Exploits: 1, References: 5
Veracode
added 2026/01/05 7:27 a.m., 6 views

Insecure Deserialization

Apache NiFi is vulnerable to Insecure Deserialization. The vulnerability arises because the GetAsanaObject Processor stores and retrieves state data using generic Java object deserialization without validation, allowing attackers with direct access to the configured Distributed Map Cache server ...

CVSS 8.8, AI score 7.7, EPSS 0.00435
Exploits: 0, References: 4, Affected Software: 1
RedHat Linux
added 2026/01/05 6:18 a.m., 3 views

xorg: xwayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

CVSS 7.3, AI score 5.9, EPSS 0.00255
Exploits: 0, References: 5