Linux Distros Unpatched Vulnerability : CVE-2022-20486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to...

Linux Distros Unpatched Vulnerability : CVE-2022-20487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to...

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...

CVE-2025-58762

CVE-2025-58762 affects Tautulli

security-research

Security Research This project hosts security advisories and...

PT-2025-39143

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to memory management within the bpf Berkeley Packet Filter subsystem. Specifically, the issue arises from calling bpf map kmalloc node from bpf...

CVE-2025-58821

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdever WP Notification Bell wp-notification-bell allows Stored XSS.This issue affects WP Notification Bell: from n/a through = 1.4.6...

CVE-2025-58794

Cross-Site Request Forgery CSRF vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery.This issue affects Notification for Telegram: from n/a through = 3.5.1...

CVE-2025-58873

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web Push Notification: from n/a through = 0.5.0...

CVE-2025-48556

In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-48529

In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26442

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed f...

CVE-2025-58821

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdever WP Notification Bell wp-notification-bell allows Stored XSS.This issue affects WP Notification Bell: from n/a through = 1.4.6...

CVE-2025-58794

Cross-Site Request Forgery CSRF vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery.This issue affects Notification for Telegram: from n/a through = 3.5...

CVE-2025-58873

CVE-2025-58873 affects the WordPress plugin Pushe Web Push Notification (versions up to 0.5.0). The issue is a Stored XSS caused by improper input neutralization during web page generation, enabling XSS via user-supplied data. Public sources provide the root cause and affected versions but do not...

CVE-2025-58821 WordPress WP Notification Bell plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdever WP Notification Bell wp-notification-bell allows Stored XSS.This issue affects WP Notification Bell: from n/a through = 1.4.6...

CVE-2025-58821 WordPress WP Notification Bell plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdever WP Notification Bell wp-notification-bell allows Stored XSS.This issue affects WP Notification Bell: from n/a through = 1.4.6...

CVE-2025-58821

CVE-2025-58821 applies to the WordPress plugin WP Notification Bell. The vulnerability is stored XSS caused by improper input neutralization during web page generation, affecting WP Notification Bell versions up to 1.4.5 (per CVE entry); Patchstack and related sources indicate a fix may be availa...

CVE-2025-58794 WordPress Notification for Telegram plugin <= 3.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery.This issue affects Notification for Telegram: from n/a through = 3.5...