27 matches found

Snyk
added 2026/05/29 9:58 p.m. · 6 views

Cross-site Request Forgery (CSRF)

Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the sendlogin process in modules/registration.php when a registration-administrator visits a...

6.9 CVSS · 5.9 AI score
Exploits 0 · References 2
NVD
added 2026/05/22 10:16 p.m. · 10 views

CVE-2026-41073

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...

4.6 CVSS · 0.00029 EPSS
Exploits 0 · References 3
AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux - vulnerability in redis

A heap overflow issue was discovered in Redis versions prior to 5.0.10, before 6.0.9, and before 6.2.0, when using a heap allocator other than jemalloc or glibc’s malloc function. This issue could lead to out-of-bound writing or the crash of the process. Essentially, this flaw does not affect the...

5.3 CVSS · 6.5 AI score · 0.00423 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/02/18 1:28 p.m. · 3 views

CVE-2026-1216

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...

7.2 CVSS · 5.7 AI score · 0.00174 EPSS
Exploits 0 · References 1
Patchstack
added 2026/02/18 8:42 a.m. · 3 views

WordPress RSS Aggregator plugin <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter vulnerability

Reflected Cross-Site Scripting via 'template' Parameter vulnerability discovered by zer0gh0st in WordPress Plugin WP RSS Aggregator versions <= 5.0.10...

7.2 CVSS · 5.5 AI score · 0.00174 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2026/02/17 12:0 a.m. · 4 views

WordPress plugin RSS Aggregator cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2 CVSS · 5.6 AI score · 0.00174 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2026/01/23 5:29 a.m. · 2 views

CVE-2025-14745

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

6.4 CVSS · 5.6 AI score · 0.00016 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/01/23 5:29 a.m. · 3 views

CVE-2025-14745 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

6.4 CVSS · 5.8 AI score · 0.00016 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2026/01/07 12:0 a.m. · 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000189)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000189 advisory. An issue was discovered in the Linux kernel before 5.0.10. SMB2negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely...

7.8 CVSS · 6.5 AI score · 0.001 EPSS
Exploits 0 · References 4
Patchstack
added 2025/10/13 12:0 a.m. · 4 views

WordPress Newsup Theme <= 5.0.10 is vulnerable to Broken Access Control

Software: Newsup; Type: Theme; Vulnerable versions: <= 5.0.10; Fixed in: 5.0.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-8682; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9037492b67e8; Credits: Dmitrii Ignatyev; Required privilege...

4.3 CVSS · 5.8 AI score · 0.00102 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/10/11 9:28 a.m. · 6 views

CVE-2025-8682 Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation

The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...

4.3 CVSS · 0.00102 EPSS
Exploits 0 · References 3
Github Security Blog
added 2025/02/10 12:30 p.m. · 11 views

Apache Felix Webconsole: XSS in services console

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issu...

6.1 CVSS · 6.3 AI score · 0.01666 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2024/12/06 12:15 p.m. · 0 views

DEBIAN-CVE-2024-53908

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

9.8 CVSS · 7.9 AI score · 0.00858 EPSS
Exploits 0 · References 1
Wordfence Blog
added 2023/09/11 1:21 p.m. · 30 views

Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin

On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites. T...

5.5 CVSS · 7.3 AI score · 0.00401 EPSS
Exploits 4
Positive Technologies
added 2023/06/12 12:0 a.m. · 2 views

PT-2023-20594 · Hewlett Packard · Hp Device Manager

Name of the Vulnerable Software and Affected Versions: HP Device Manager versions prior to 5.0.10 Description: The issue potentially allows command injection and/or elevation of privileges. Recommendations: For versions prior to 5.0.10, update to version 5.0.10 or later to resolve the issue...

8.8 CVSS · 7.5 AI score · 0.02439 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/06/12 12:0 a.m. · 3 views

PT-2023-20595 · Hewlett Packard · Hp Device Manager

Name of the Vulnerable Software and Affected Versions: HP Device Manager versions prior to 5.0.10 Description: The issue potentially allows command injection and/or elevation of privileges. Recommendations: For versions prior to 5.0.10, update to version 5.0.10 or later to resolve the issue...

8.8 CVSS · 7.5 AI score · 0.02439 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/06/12 12:0 a.m. · 1 views

PT-2023-20591 · Hewlett Packard · Hp Device Manager

Name of the Vulnerable Software and Affected Versions: HP Device Manager versions prior to 5.0.10 Description: The issue could potentially allow command injection and/or elevation of privileges. Recommendations: For versions prior to 5.0.10, update to version 5.0.10 or later to resolve the issue...

7.8 CVSS · 7.5 AI score · 0.00569 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/06/12 12:0 a.m. · 3 views

PT-2023-20593 · Hewlett Packard · Hp Device Manager

Name of the Vulnerable Software and Affected Versions: HP Device Manager versions prior to 5.0.10 Description: The issue potentially allows command injection and/or elevation of privileges. Recommendations: For versions prior to 5.0.10, update to version 5.0.10 or later to resolve the issue...

8.8 CVSS · 7.5 AI score · 0.02439 EPSS
Exploits 0 · References 4
UbuntuCve
added 2021/08/31 5:15 p.m. · 374 views

CVE-2021-37713

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

8.6 CVSS · 7.1 AI score · 0.00316 EPSS
Exploits 0 · References 3
CNNVD
added 2021/08/31 12:0 a.m. · 1 views

node-tar path traversal vulnerability

node-tar is a package for file compression/decompression. A path traversal vulnerability exists in node-tar, which stems from an arbitrary file creation override and arbitrary code execution vulnerability in the npm package "tar" aka node-tar before 4.4.18, 5.0.10, and 6.1.9. An attacker could us...

8.6 CVSS · 8.3 AI score · 0.00316 EPSS
Exploits 0 · References 20