25 matches found

NVD
added 2 days ago · 11 views

CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3 CVSS · 0.00059 EPSS
Exploits 0 · References 6
RedhatCVE
added 2026/03/26 3:9 p.m. · 2 views

CVE-2026-27166

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...

5.4 CVSS · 5.7 AI score · 0.00052 EPSS
Exploits 0 · References 1
UbuntuCve
added 2026/01/14 3:16 p.m. · 1 views

CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

5.5 CVSS · 5.8 AI score · 0.00025 EPSS
Exploits 0 · References 6
CVE
added 2026/01/14 3:7 p.m. · 11 views

CVE-2025-71139

CVE-2025-71139 – Linux kernel kexec CMA/IMA handling: The issue arises when the kexec target address is allocated in CMA space. The kernel’s kimage_map_segment() path assumes IND_SOURCE pages exist and maps them via vmap(), but CMA-based allocation bypasses IND_SOURCE, leading to a warning and i...

5.5 CVSS · 6.1 AI score · 0.00025 EPSS
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2025/12/09 6:30 p.m. · 2 views

EUVD-2025-201880

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2 CVSS · 4.8 AI score · 0.00142 EPSS
Exploits 0 · References 3
NVD
added 2025/12/09 4:17 p.m. · 1 views

CVE-2025-13604

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2 CVSS · 0.00142 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/12/09 4:36 a.m. · 1 views

CVE-2025-13604 Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2 CVSS · 4.9 AI score · 0.00142 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/12/09 12:0 a.m. · 2 views

PT-2025-49799

Name of the Vulnerable Software and Affected Versions: CleanTalk plugin for WordPress versions prior to 2.169 Description: The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization an...

7.2 CVSS · 5.9 AI score · 0.00142 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2008-4178

Malware in sbrugna...

5 CVSS · 6.1 AI score · 0.0068 EPSS
Exploits 0 · References 18
OSV
added 2025/08/27 5:19 p.m. · 2 views

DRUPAL-CONTRIB-2025-101

This module enables you to protect individual pages with a password. The module doesn't limit the number of password attempts, making it vulnerable to brute force attacks. This vulnerability is mitigated by the fact that an attacker must know the protected page's URL. CVSS risk score experimental...

6.5 CVSS · 6.9 AI score · 0.0008 EPSS
Exploits 0 · References 1
SUSE CVE
added 2024/08/06 2:1 a.m. · 1 views

SUSE CVE-2024-41048

In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: ... Oops1: CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+...

6.5 CVSS · 6.3 AI score · 0.00012 EPSS
Exploits 0 · References 16
CNNVD
added 2024/07/29 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from passing a null pointer to the page_address function in the sk_msg_recvmsg function when handling zero-length...

5.5 CVSS · 6.3 AI score · 0.00012 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/12/12 12:0 a.m. · 3 views

PT-2023-7654 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to the lack of protection of the web page structure in Adobe Experience Manager AEM, which can be exploited by a remote attacker to execute arbitrary code....

5.5 CVSS · 5.2 AI score · 0.00289 EPSS
Exploits 0 · References 6
ATTACKERKB
added 2022/05/09 5:15 p.m. · 3 views

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross site scripting vulnerability...

6.1 CVSS · 5.8 AI score · 0.0021 EPSS
Exploits 2 · References 2
OSV
added 2020/03/25 10:15 p.m. · 2 views

CVE-2020-6808

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to...

6.5 CVSS · 7 AI score · 0.00266 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2015/10/01 12:0 a.m. · 0 views

The vulnerability of the iOS operating system allows a hacker to replace the content of web pages.

The vulnerability of the Safari browser’s user interface on the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace a web page by changing its URL address...

4.3 CVSS · 0.00651 EPSS
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2015/04/02 12:0 a.m. · 2 views

SAP EMR Unwired and Clinical Task Tracker Access Restriction Bypass Vulnerabilities

SAP EMR Unwired is a mobile app that enables physicians and nurses to instantly access patient data when they need it. SAP Clinical Task Tracker is an easy and secure way to access clinical tasks assigned to your patients anytime, anywhere. SAP EMR Unwired and Clinical Task Tracker fail to properl...

6.4 CVSS · 6.8 AI score · 0.0046 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2010/10/27 12:0 a.m. · 6 views

FreeBSD : opera -- multiple vulnerabilities (aab187d4-e0f3-11df-b1ea-001999392805)

The Opera Desktop Team reports:

- Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson.
- Fixed an issue where manipulating the window could be used to spoof the page address.
- Fixed an issue with reloads and redirect...

5.2 AI score
Exploits 0 · References 6
Tenable Nessus
added 2010/10/13 12:0 a.m. · 16 views

Opera < 10.63 Multiple Vulnerabilities


9.3 CVSS · 7.3 AI score · 0.03522 EPSS
Exploits 0 · References 15
Opera Security Advisories
added 2010/10/06 12:0 a.m. · 27 views

Manipulating the window can be used to spoof the page address

Web page scripts can be used to alter the size of the browser window. In some cases, this manipulation can cause the wrong part of the Web page address to be displayed in the Address Bar, so that the part that is initially visible to the user is not the start of the address, and may contain conte...

1.7 AI score
Exploits 0 · Affected Software 1