32 matches found
CVE-2026-41076
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...
EUVD-2026-31504
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fixed an issue where double cleanup was performed in the case of a failure in devm_add_action_or_reset. When devm_add_action_or_reset fails, it calls the passed cleanup function. Therefore, the caller must not repeat that...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-pf: Fixed the use of GFP_KERNEL in atomic contexts for rt. The commit 4af1b64f80fb “octeontx2-pf: Fixed the lmtst ID used in aurafree” uses get/put_cpu to protect the usage of percpu pointers in the ->aura_freeptr...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2_lock. smb2_lock has three error handling issues after list_del detaches smb_lock from lock_list at no_check_cl: 1) If vfs_lock_file returns an unexpected error in the non-UNLOCK path, goto out...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer. smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer error: we previously assumed 'rac97' could be null (see line 2072). Remove redundant assignment, return error if...
Astra Linux - vulnerability in linux, linux-5.10
A flaw was discovered in the Linux kernel’s implementation of Pressure Stall Information. Although this feature is disabled by default, it could allow an attacker to crash the system or cause other memory-corruption side effects...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
A flaw was discovered in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP. This can lead to the NVMe driver dereferencing a NULL pointer, resulting in kernel panic and a denial of service...
PT-2026-8400
Name of the Vulnerable Software and Affected Versions: RSS Aggregator plugin for WordPress versions up to and including 5.0.10 Description: The RSS Aggregator plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=5.0.1 <=6.0.0) +2 more potentially affected by unknown CVE via @asyncapi/modelina-cli (=5.10.1)
@asyncapi/modelina-cli NPM version =5.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/modelina-cli and may be impacted: - @asyncapi-actions-test/trusted-publishing-test_asyncapi-cli =4.1.3, =5.0.1, =1.4.14, =1.4.39 -...
CVE-2025-62012
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Elementor thegem-elementor. This issue affects TheGem Elementor: from n/a through = 5.10.5...
CVE-2025-62046
CVE-2025-62046: WordPress TheGem Demo Import (for WPBakery) plugin up to version 5.10.5 has a Missing Authorization vulnerability that can lead to Arbitrary Content Deletion. Affected software: TheGem Demo Import (for WPBakery). Base CVSS v3.1 score: 6.5 (Medium). Connected sources confirm the is...
PT-2025-43131
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.0-02758-g8e5f91fd772f 26 Description: The Linux kernel contained a flaw within the block I/O cost (blk-iocost) subsystem. Specifically, the adjust_inuse_and_calc_cost function utilized spin_lock_irq and enabled...
CVE-2024-1659
Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server, including a PHP code file, without authentication. This issue affects MegaBIP software versions through 5.10...
CVE-2024-9868
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization a...
Exploit for Cross-Site Request Forgery (CSRF) in Creativeitem Academy_Lms
CVE-2022-47132 Academy LMS = 5.10 CSRF Description Acad...
PT-2024-33110 · Trellix · Trellix Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator (ePO) on Premise versions prior to 5.10 Service Pack 1 Update 2 Description: A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file,...
Trellix ePolicy Orchestrator Cross-Site Request Forgery Vulnerability
Trellix ePolicy Orchestrator is a centralized security management platform from Trellix. A security vulnerability exists in Trellix ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2 that stems from the presence of a cross-site request forgery (CSRF) vulnerability. A low-privileged attacker...
Proofpoint Threat Response Cross-Site Scripting Vulnerability
Proofpoint Threat Response is Proofpoint's leading Security Orchestration, Automation and Response (SOAR) solution that enables security teams to respond faster and more effectively to the evolving threat landscape. A security vulnerability exists in Proofpoint Threat Response versions prior to...
CVE-2022-47132
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users...