Lucene search

21 matches found

Vulnrichment
added 2026/03/28 2:26 a.m. | 1 view

CVE-2025-12886 Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicati...

CVSS 7.2 | AI score 5.9 | EPSS 0.00077
Exploits: 0 | References: 2

OSV
added 2026/02/25 7:28 p.m. | 4 views

GHSA-R5J5-Q42H-FC93 Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting

Summary: This advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validate...

CVSS 7.6 | AI score 6.3 | EPSS 0.0005
Exploits: 0 | References: 6

NVD
added 2026/02/20 4:22 p.m. | 1 view

CVE-2025-69299

Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery. This issue affects Oxygen: from n/a through <= 6.0.8...

CVSS 7.2 | EPSS 0.0004
Exploits: 0 | References: 1

OSV
added 2023/11/06 8:15 a.m. | 1 view

CVE-2022-47432

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB: from n/a through 6.0.8...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1

Patchstack
added 2023/07/18 12:00 a.m. | 3 views

WordPress Page Visit Counter Plugin <= 6.0.8 is vulnerable to Cross Site Scripting (XSS)

Software: Page Visit Counter; Type: Plugin; Vulnerable versions: <= 6.0.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 2a559c6794f4; Credits: Rafie Muhammad Patchstack...

AI score 6.8
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/04/13 12:00 a.m. | 2 views

Spring Framework Security Vulnerability

Spring Framework is an open source Java and JavaEE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework that originates from a denial of service (DoS) by supplying a specially crafted Sp...

CVSS 6.5 | AI score 6.8 | EPSS 0.01183
Exploits: 0 | References: 7

UbuntuCve
added 2023/02/26 11:15 p.m. | 35 views

CVE-2023-26607

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c...

CVSS 7.1 | AI score 6.7 | EPSS 0.00069
Exploits: 1 | References: 12

CNNVD
added 2023/02/26 12:00 a.m. | 1 view

Linux kernel Buffer Error Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.0.8, which stems from the presence of out-of-bounds reads...

CVSS 7.1 | AI score 6.6 | EPSS 0.00069
Exploits: 1 | References: 6

CNNVD
added 2023/02/26 12:00 a.m. | 1 view

Linux kernel Resource Management Error Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.0.8, which stems from the presence of post-release reuse...

CVSS 7.8 | AI score 6.7 | EPSS 0.00141
Exploits: 1 | References: 5

OSV
added 2022/12/08 2:39 a.m. | 6 views

GSD-2022-1007851 ipvs: fix WARNING in __ip_vs_cleanup_batch()

ipvs: fix WARNING in __ip_vs_cleanup_batch(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit e724220b826e008764309d2a1f55a9434a4e1530,...

AI score 7.2
Exploits: 0

OSV
added 2022/12/08 2:35 a.m. | 7 views

GSD-2022-1007809 ext4: fix warning in 'ext4_da_release_space'

ext4: fix warning in 'ext4_da_release_space'. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit...

AI score 7.2
Exploits: 0

Positive Technologies
added 2022/12/08 12:00 a.m. | 1 view

PT-2022-36110 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue is related to a use after free in the red_enqueue function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

AI score 7.3
Exploits: 0 | References: 1

Positive Technologies
added 2022/12/08 12:00 a.m. | 1 view

PT-2022-36090 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: A possible memory leak issue was discovered, which may have potential security implications. The issue was introduced in version v5.15 and is fixed in version v6.0.8. Recommendations: For Lin...

AI score 7.1
Exploits: 0 | References: 1

Positive Technologies
added 2022/12/08 12:00 a.m. | 1 view

PT-2022-36072 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue is related to an integer overflow in the ghes_estatus_pool_init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

AI score 7.5
Exploits: 0 | References: 1

Positive Technologies
added 2022/12/08 12:00 a.m. | 3 views

PT-2022-36063 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue is related to the ext4 file system, where a directory entry with an invalid rec_len can trigger a BUG_ON condition. The actual impact and potential for exploitation have not been...

AI score 7.2
Exploits: 0 | References: 1

Positive Technologies
added 2022/12/08 12:00 a.m. | 1 view

PT-2022-36086 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue concerns a problem with tree mod log handling of reallocated nodes in btrfs. The actual impact and potential for attack have not been proven yet. Recommendations: For Linux Kernel...

AI score 7.2
Exploits: 0 | References: 1

Positive Technologies
added 2022/12/08 12:00 a.m. | 2 views

PT-2022-36076 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue is related to avoiding kprobe recursion in the arm64 entry of the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

AI score 7.2
Exploits: 0 | References: 1

Positive Technologies
added 2022/12/08 12:00 a.m. | 1 view

PT-2022-36081 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: A potential security issue has been identified in the Linux Kernel, related to a cxl/region leak. The issue is associated with the cleanup of targets at region delete. The actual impact and...

AI score 7.3
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:00 a.m. | 20 views

Oracle Reports Server 6.0.8/9.0.x XML File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14311/info Oracle Reports Server may allow remote attackers to disclose parts of arbitrary XML files. Reportedly, the server fails to restrict users from accessing parts of arbitrary XML files when handling specially...

AI score 7.1
Exploits: 0

OpenVAS
added 2014/01/06 12:00 a.m. | 16 views

TYPO3 File Abstraction Code Execution Vulnerability

TYPO3 is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:typo3:typo3"; if(description)...

CVSS 6.5 | AI score 6.9 | EPSS 0.00391
Exploits: 0 | References: 3