80 matches found
CVE-2026-5107 affecting package frr for versions less than 10.5.0-2
CVE-2026-5107 affecting package frr for versions less than 10.5.0-2. A patched version of the package is available...
CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...
Oracle Linux 8 : mariadb:10.5 (ELSA-2026-0233)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0233 advisory. galera Judy mariadb 3:10.5.29-3 - Release bump for rebuild Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...
EUVD-2025-202435
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integrity validation or a secure search order. A...
CVE-2025-34398
MailEnable versions prior to 10.54 are affected by a reflected XSS in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via GET and is reflected inside a JavaScript script block (var sAddrBcc). An attacker can ter...
SUSE CVE-2025-64756
Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...
CVE-2025-62910
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS. This issue affects Video Gallery by Huzzaz: from n/a through <= 10.5...
EUVD-2025-36029
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS. This issue affects Video Gallery by Huzzaz: from n/a through <= 10.5...
CVE-2025-62910 WordPress Video Gallery by Huzzaz plugin <= 10.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS. This issue affects Video Gallery by Huzzaz: from n/a through <= 10.5...
CVE-2025-62910
CVE-2025-62910 describes a Stored XSS in WordPress Video Gallery by Huzzaz plugin (huzzaz-video-gallery) for versions up to 10.5. Root cause: improper neutralization of input during web page generation. Impact per cited metrics: Stored XSS with MEDIUM risk (CVSS v3.1 base 5.4). Status in connecte...
WordPress plugin Video Gallery by Huzzaz cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2025-43788
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS. This issue affects Video Gallery by Huzzaz: from n/a through <= 10.5...
WordPress Video Gallery by Huzzaz plugin <= 10.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Video Gallery by Huzzaz versions <= 10.5...
IBM Security Verify Information Queue security vulnerability
IBM Security Verify Information Queue is a microservices architecture integration platform that leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products, acting as a cross-product data exchange hub. A denial of service vulnerability exists in IBM...
Linux Distros Unpatched Vulnerability : CVE-2011-2813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and...
Linux Distros Unpatched Vulnerability : CVE-2025-46646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for...
Linux Distros Unpatched Vulnerability : CVE-2021-22175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5...
CVE-2025-49810
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...
CVE-2025-49810
Summary: Mattermost Server 10.5.x
SUSE CVE-2025-6227
Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...