33 matches found

Tenable Nessus
added 2026/04/27 12:0 a.m. · 0 views

Unity Linux 20.1070e Security Update: xz (UTSA-2026-014304)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014304 advisory. XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder was used to decode an Index that...

6.3 CVSS · 5.7 AI score · 0.0006 EPSS
Exploits 0 · References 4
AlpineLinux
added 2026/04/02 6:36 p.m. · 1 views

CVE-2026-34743

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append would allocate too little...

6.3 CVSS · 5.8 AI score · 0.0006 EPSS
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-1153

Malware in sbrugna...

8.8 CVSS · 8.5 AI score · 0.00205 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-32185

Malicious code in bioql PyPI...

4.3 CVSS · 6.5 AI score · 0.00187 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-21662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author ...

8 CVSS · 6.7 AI score · 0.14241 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 9:25 a.m. · 1 views

CVE-2024-3606

The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. This makes it possible for authenticated...

4.3 CVSS · 5.9 AI score · 0.00187 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/05/02 12:0 a.m. · 2 views

PT-2024-26871 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress versions up to, and including, 5.8.3. Description: The issue is related to a missing capability check on the pm_upload_cover_image function, allowing...

4.3 CVSS · 6.6 AI score · 0.00187 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-19502 · WordPress · Event Tickets/Registration

Name of the Vulnerable Software and Affected Versions: Event Tickets and Registration plugin for WordPress versions prior to 5.8.3. Description: The issue allows authenticated attackers with contributor access or higher to extract sensitive data, including emails and street addresses, via the RSVP...

4.3 CVSS · 9.4 AI score · 0.00243 EPSS
Exploits 0 · References 3
Patchstack
added 2024/03/25 12:0 a.m. · 7 views

WordPress Premium Packages Plugin <= 5.8.2 is vulnerable to Cross Site Scripting (XSS)

Software: Premium Packages; Type: Plugin; Vulnerable versions: <= 5.8.2; Fixed in: 5.8.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29924; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: fd83d5609f73; Credits: Yudistira Arya; Required privile...

7.1 CVSS · 6.5 AI score · 0.00215 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/03/06 11:10 a.m. · 20 views

BIT-WORDPRESS-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2 CVSS · 7.7 AI score · 0.0031 EPSS
Exploits 1 · References 8
OSV
added 2024/03/06 11:10 a.m. · 24 views

BIT-WORDPRESS-MULTISITE-2022-21661 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8 CVSS · 8 AI score · 0.90365 EPSS
Exploits 14 · References 12
OSV
added 2024/03/06 11:10 a.m. · 15 views

BIT-WORDPRESS-2022-21664 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

8.8 CVSS · 8.2 AI score · 0.03738 EPSS
Exploits 0 · References 8
Prion
added 2023/11/20 7:15 p.m. · 12 views

Cross site scripting

The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8 CVSS · 6.3 AI score · 0.00117 EPSS
Exploits 2 · References 1 · Affected Software 1
CNNVD
added 2023/11/20 12:0 a.m. · 3 views

WordPress Plugin Bonus for Woo Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

6.1 CVSS · 8.6 AI score · 0.00117 EPSS
Exploits 2 · References 2
Cvelist
added 2023/03/10 12:0 a.m. · 14 views

CVE-2023-27114

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c...

5.7 AI score · 0.00074 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2022/01/23 12:0 a.m. · 45 views

Debian DLA-2884-1 : wordpress - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2884 advisory. - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there c...

8.8 CVSS · 6.8 AI score · 0.90365 EPSS
Exploits 15 · References 12
CNVD
added 2022/01/08 12:0 a.m. · 100 views

WordPress WP_Query SQL Injection Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress has a SQL injection vulnerability in versions prior to 5.8.3, which stems from the lack of validation of externally...

8 CVSS · 4.1 AI score · 0.90365 EPSS
Exploits 14 · References 1
OSV
added 2022/01/06 11:15 p.m. · 4 views

DEBIAN-CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

7.5 CVSS · 7.7 AI score · 0.90365 EPSS
Exploits 14 · References 1
ATTACKERKB
added 2022/01/06 11:15 p.m. · 2 views

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8 CVSS · 7 AI score · 0.90365 EPSS
Exploits 14 · References 14 · Affected Software 1
Prion
added 2022/01/06 11:15 p.m. · 15 views

Double free

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched...

3.5 CVSS · 6 AI score · 0.14241 EPSS
Exploits 0 · References 6 · Affected Software 2