36081 matches found
WordPress Clearfy plugin <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering vulnerability
Cross-Site Request Forgery to Update Notification Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Clearfy Cache versions <= 2.4.0...
pipesns (=0.1.5) potentially affected by unknown CVE via aws-sdk-sns (=0.4.1)
aws-sdk-sns CARGO version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-sns and may be impacted: - pipesns =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure
Description: The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...
CVE-2026-21855 Tarkov Data Manager has Unauthenticated Reflected XSS
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting XSS vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim's browser session by crafting a malicious...
SUSE CVE-2025-13352
Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
PT-2026-28333
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the rust binder component related to handling binder death notifications. Specifically, the set notification done function may be called without...
PT-2026-20455
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's virtio crypto component related to spinlock protection when handling virtqueue notifications. Specifically, when a virtual machine boots with a single...
WordPress Push Notification for Post and BuddyPress plugin <= 2.07 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Push Notification for Post and BuddyPress versions <= 2.07...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993045)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993045 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992337)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992337 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is...
EUVD-2025-205632
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site...
CVE-2025-15146
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now...
SUSE CVE-2023-54012
In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its own lower interface. This propagation logic should be worked as the...
CVE-2023-54105 can: isotp: check CAN address family in isotp_bind()
In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotp_bind() Add missing check to block non-AF_CAN binds. Syzbot created some code which matched the right sockaddr struct size but used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the address family...
CVE-2023-54021
CVE-2023-54021 affects the Linux kernel ext4 subsystem. The vulnerability centers on ext4_mb_normalize_request: the code must use ac_g_ex (not ac_f_ex) to communicate the goal start to ext4_mb_find_by_goal, and verify that the goal start lies within the data block range [first_data_block, blocks_...
CVE-2023-54012
The CVE-2023-54012 vulnerability in the Linux kernel describes a stack overflow risk when LRO is disabled for virtual interfaces. The root cause is a recursive-like propagation of NETDEV_FEAT_CHANGE notifications between a parent team/bond interface and its lower interfaces, instead of a strictly...
CVE-2025-12514
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges. This issue affects Infra Monitoring ...
CVE-2025-8460
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Notification rules, Open tickets module allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from...
CVE-2025-12514
CVE-2025-12514 affects Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules). The root cause is improper neutralization of special elements in SQL commands, enabling SQL Injection. Affected versions are 23.10.0–23.10.4, 24.04.0–24.04.5, and 2...