24 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004161)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004161 advisory. In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, a...
Use of Default Credentials
Overview: Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround: This vulnerability can be mitigated by loggin...
GHSA-8PXW-9C75-6W56 NeuVector admin account has insecure default password
Impact: A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the defau...
GHSA-W54X-XFXG-4GXQ NeuVector process with sensitive arguments lead to leakage
Impact: When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation. For example, java -cp /app ... -Djavax.net.ssl.trustStorePassword= The command with the password appears in the NeuVector security event. To prevent this, NeuVector uses the...
Missing Password Field Masking
Overview: Affected versions of this package are vulnerable to Missing Password Field Masking due to improper handling of process command arguments containing sensitive information. An attacker can obtain confidential data by accessing security event logs where sensitive arguments, such as password...
Use of Password Hash With Insufficient Computational Effort
Overview: Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...
PT-2025-35111
Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.4.6 Description: NeuVector process handling can lead to the leakage of sensitive arguments, such as passwords, within security event logs. The software uses regular expressions to detect and redact sensitive data...
CVE-2015-6495
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles...
CVE-2025-27309
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeannot Muller flickr-slideshow-wrapper flickr-slideshow-wrapper allows Stored XSS. This issue affects flickr-slideshow-wrapper: from n/a through <= 5.4.6...
WordPress plugin flickr-slideshow-wrapper cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-39650 · WordPress · The Poll Maker – Versus Polls
Name of the Vulnerable Software and Affected Versions: The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress versions up to, and including, 5.4.6 Description: The issue is related to Stored Cross-Site Scripting via poll settings due to insufficient input sanitization an...
WordPress Poll Maker plugin <= 5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Poll Maker versions <= 5.4.6...
WordPress Poll Maker Plugin <= 5.4.6 is vulnerable to Cross Site Scripting (XSS)
Software: Poll Maker. Type: Plugin. Vulnerable versions: <= 5.4.6. Fixed in: 5.4.7. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-9462. Patch priority: Low. CVSS severity: Low (5.9). PSID: 285124c9b4b8. Credits: Jonas Benjamin Friedli. Requir...
VulnCheck KEV: CVE-2024-9265
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can be set during registration through the echo_check_post_header_sent function. This makes...
WordPress Echo RSS Feed Post Generator Plugin for WordPress Plugin <= 5.4.6 is vulnerable to Privilege Escalation
Software: Echo RSS Feed Post Generator Plugin for WordPress. Type: Plugin. Vulnerable versions: <= 5.4.6. Fixed in: 5.4.7. OWASP Top 10: A4: Insecure Design. Classification: Privilege Escalation. CVE: CVE-2024-9265. Patch priority: High. CVSS severity: High (9.8). PSID: 2e4345a54622. Credits...
PT-2024-31793 · Vite · Vite
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11 Vite versions prior to 4.5.5 Vite versions prior to 5.2.14 Vite versions prior to 5.3.6 Vite versions prior to 5.4.6 Description: A DOM Clobbering vulnerability was discovered in Vite when building scripts to...
WordPress kk Star Ratings Plugin < 5.4.6 Race Condition Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kkstarratingsproject:kkstarratings"; ifdescription...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in several components of IBM Spectrum Control. These include vulnerabilities in third-party software such as Apache Log4j, Dojo, Java SE, Gson and WebSphere Liberty. A malicious party could exploit the vulnerabilities to cause damage in the...
WordPress 5.7 < 5.7.2 / 5.6 < 5.6.4 / 5.5 < 5.5.5 / 5.4 < 5.4.6 / 5.3 < 5.3.8 / 5.2 < 5.2.11
WordPress versions 5.7 < 5.7.2 / 5.6 < 5.6.4 / 5.5 < 5.5.5 / 5.4 < 5.4.6 / 5.3 < 5.3.8 / 5.2 < 5.2.11 are affected by one or more vulnerabilities. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory...
Linux kernel memory leak vulnerability (CNVD-2020-03122)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver in Linux kernel 5.4.6 and earlier. An attacker can exploit this vulnerabili...