21 matches found

ATTACKERKB
added 2026/06/05 10:15 a.m. · 5 views

CVE-2026-21037

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege...

6.9 CVSS · 5.6 AI score · 0.00108 EPSS
Exploits 0 · References 2
Vulnrichment
added 2026/04/08 7:58 p.m. · 4 views

CVE-2026-39864 Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet if a successful user...

4.4 CVSS · 6 AI score · 0.00301 EPSS
Exploits 0 · References 1
Cvelist
added 2026/04/05 12:15 a.m. · 26 views

CVE-2026-5529 Dromara lamp-cloud DefUserController pageUser improper authorization

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3 CVSS · 0.00273 EPSS
Exploits 0 · References 5
NVD
added 2026/03/11 8:16 a.m. · 3 views

CVE-2024-14024

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker who has also gained an administrator account gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the...

6.7 CVSS · 0.00077 EPSS
Exploits 0 · References 1
EUVD
added 2026/03/10 9:32 p.m. · 2 views

EUVD-2025-208519

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

5.4 CVSS · 5.9 AI score · 0.00742 EPSS
Exploits 2 · References 3
Vulnrichment
added 2026/03/10 12:0 a.m. · 1 views

CVE-2025-70128

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

5.9 AI score · 0.00225 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2025/12/30 12:0 a.m. · 3 views

Fedora 43 : kustomize (2025-ecfd96d6a3)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ecfd96d6a3 advisory. Update to 5.8.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

7.5 CVSS · 7.3 AI score · 0.00573 EPSS
Exploits 0 · References 6
Vulnrichment
added 2025/12/24 4:32 a.m. · 3 views

CVE-2025-13773 Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

9.8 CVSS · 6.5 AI score · 0.02559 EPSS
Exploits 0 · References 7
NVD
added 2025/12/09 4:18 p.m. · 2 views

CVE-2025-62997

Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Retrieve Embedded Sensitive Data. This issue affects WP EasyCart: from n/a through = 5.8.11...

5.3 CVSS · 0.0024 EPSS
Exploits 0 · References 1
Cvelist
added 2025/06/20 3:3 p.m. · 17 views

CVE-2025-50017 WordPress WP Voting Contest plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS. This issue affects WP Voting Contest: from n/a through <= 5.8...

5.9 CVSS · 0.00218 EPSS
Exploits 0 · References 1
OpenVAS
added 2025/05/26 12:0 a.m. · 2 views

Fedora: Security Advisory (FEDORA-2025-7f00e5e744)

The remote host is missing an update for the...

7.5 AI score
Exploits 0 · References 2
RedHat Linux
added 2025/04/02 5:30 p.m. · 17 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.3 release and security update

Red Hat JBoss Web Server 5.8.3 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...

10 CVSS · 7.4 AI score · 0.99945 EPSS
Exploits 45 · References 3
Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-54268

Name of the Vulnerable Software and Affected Versions: cbor2 versions 3.0.0 through 5.7.0 Description: cbor2 is a library for encoding and decoding the Concise Binary Object Representation (CBOR) serialization format. A flaw exists where, when a CBORDecoder instance is reused across multiple decode...

7.5 CVSS · 6.4 AI score · 0.00423 EPSS
Exploits 1 · References 31
CNNVD
added 2023/10/19 12:0 a.m. · 2 views

Yamcs Cross-Site Scripting Vulnerability

Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Yamcs version 5.8.6, which originates from a method that allows you to upload an HTML fil...

5.4 CVSS · 6.9 AI score · 0.00535 EPSS
Exploits 1 · References 3
CNNVD
added 2022/12/13 12:0 a.m. · 18 views

Hutool Buffer Error Vulnerability

Hutool is a small but complete Java tool library for the Chinese Dromara community. A security vulnerability exists in Hutool version v5.8.10, which originates from a stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component, allowing an attacker to cause a denial of servic...

7.5 CVSS · 6.9 AI score · 0.00943 EPSS
Exploits 1 · References 3
OSV
added 2022/10/20 3:15 p.m. · 2 views

CVE-2022-42176

In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access...

7.8 CVSS · 5.8 AI score · 0.00323 EPSS
Exploits 2 · References 2
Positive Technologies
added 2022/06/29 12:0 a.m. · 1 views

PT-2022-19512 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions 5.8.5 and earlier Description: The issue allows a user to change their e-mail address without password verification. Recommendations: For Nagios XI versions 5.8.5 and earlier, at the moment, there is no information about a...

4.3 CVSS · 4.5 AI score · 0.01895 EPSS
Exploits 0 · References 7
CNVD
added 2021/04/25 12:0 a.m. · 9 views

Directum Cross-Site Scripting Vulnerability

Directum is an application system of the Russian company Directum. An intelligent digital process and documentation system. A cross-site scripting vulnerability exists in Settings.aspx?view=About in Directum version 5.8.2. An attacker can exploit this vulnerability via the HTTP User-Agent header ...

6.1 CVSS · 6.1 AI score · 0.00668 EPSS
Exploits 0 · References 1
CNNVD
added 2021/04/14 12:0 a.m. · 3 views

LavaLite Cross-Site Scripting Vulnerability

Lavalite is an open source content management system developed using the Laravel framework. A cross-site scripting vulnerability exists in LavaLite version 5.8.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the "address" field...

5.4 CVSS · 5.2 AI score · 0.00516 EPSS
Exploits 1 · References 2
RedHat Linux
added 2020/06/12 1:15 p.m. · 2 views

net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

7.5 CVSS · 7.3 AI score · 0.04298 EPSS
Exploits 1 · References 4