PT-2026-1763

Name of the Vulnerable Software and Affected Versions Gutenverse Form plugin for WordPress versions prior to 2.3.3 Description The Gutenverse Form plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. The plugin’s framework component allows SVG files through...

CVE-2025-69263

CVE-2025-69263 affects the pnpm package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without an integrity hash, enabling a remote server to serve different content on each install. An attacker publishing a package with an HTTP tarba...

CVE-2026-1234

A security issue was identified in the Llama Stack server when PGVector is used as a vector store provider. During initialization, the server logs print the PGVector database password in clear text. This occurs due to insufficient redaction of sensitive configuration fields. As a result, anyone...

CVE-2025-69344

Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...

CVE-2019-7886

A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts...

CVE-2019-12510

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API "/soap/serversa" by supplying a malicious X-Forwarded-For header of the device's LAN IP address 192.168.1.1 in every request. As a result, an attacker may...

CVE-2019-12766

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...

PT-2026-1591

Name of the Vulnerable Software and Affected Versions SVG Map Plugin for WordPress versions prior to 1.0.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000469)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000469 advisory. In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000213)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000213 advisory. The Linux kernel 4.x starting from 4.1 and 5.x before 5.0.8 allows Information Exposure partial kernel address disclosure, leading to a KASLR bypass. Specifically, i...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000277)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000277 advisory. In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the...

ImageMagick < 7.1.2-12 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 7.1.2-12. It is, therefore, affected by multiple vulnerabilities. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SV...

CVE-2025-63082

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...

CVE-2025-63083

CVE-2025-63083 is a Joomla! Core issue describing a lack of output escaping that enables a cross-site scripting (XSS) vector in the pagebreak plugin. The connected sources specify affected software (Joomla! core, pagebreak/plugin code paths) and indicate an XSS risk arising from insufficient esca...

CVE-2025-14120

The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...

SUSE CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

SUSE CVE-2024-41260

A static initialization vector IV in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information email addresses when in possession of the audit events database...

PT-2026-1410

Name of the Vulnerable Software and Affected Versions URL Image Importer plugin for WordPress versions up to and including 1.0.7 Description The URL Image Importer plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient sanitization of SVG files...

Security Parameter Analysis of the LINEture Post-Quantum Digital Signature Scheme

This paper presents a comprehensive cryptographic analysis of the security parameters of the LINEture post-quantum digital signature scheme, which is constructed using matrix algebra over elementary abelian 2-groups. We investigate the influence of three principal parameters. First, the word size...

GHSA-M2Q5-XHQG-92R2 evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API

A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...