25 matches found
Unity Linux 20.1060e / 20.1070e Security Update: SDL (UTSA-2026-017561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017561 advisory. SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. Tenable has extracted the preceding...
WordPress Responsive Blocks – Page Builder for Blocks & Patterns plugin 2.0.9-2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability discovered by Even S in WordPress Plugin Responsive Blocks versions 2.0.9-2.2.1...
WordPress Subscribe to Download Plugin <= 2.0.9 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Subscribe to Download versions <= 2.0.9...
Linux Distros Unpatched Vulnerability : CVE-2025-32997
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. (CVE-2025-32997) Note that Nessus relies on the...
CVE-2023-44475
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions...
WordPress CRUDLab Like Box Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin CRUDLab Like Box versions <= 2.0.9...
WordPress plugin Mailing Group Listserv SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2024-35886 · WordPress · Sparkle Wp Sparkle Elementor Kit
Name of the Vulnerable Software and Affected Versions: Sparkle WP Sparkle Elementor Kit versions through 2.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This is a Cross-site...
PT-2024-27372 · Unknown · Propertyhive
Name of the Vulnerable Software and Affected Versions: PropertyHive versions n/a through 2.0.9 Description: The issue is related to a Missing Authorization vulnerability in PropertyHive, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions...
PT-2024-21165 · Linksys · Linksys Re7000
Name of the Vulnerable Software and Affected Versions: Linksys RE7000 versions 2.0.9 through 2.0.15 Description: The issue concerns a command execution vulnerability in the AccessControlList parameter of the access control function point. This vulnerability can be exploited by an attacker to obta...
SUSE CVE-2019-14906
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized...
PT-2023-16332 · WordPress · The Post Shortcode
Name of the Vulnerable Software and Affected Versions: The Post Shortcode WordPress plugin versions 2.0.9 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...
Ubiquiti EdgeRouter Security Vulnerability
The Ubiquiti EdgeRouter is a router from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 and prior versions. An attacker could exploit this vulnerability to cause a denial of service on the system...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.0 <=1.0.0.RC4), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (>=0.1 <=14.1.4) +247 more potentially affected by unknown CVE via com.vaadin:flow-server (>=2.0.9 <=2.5.2)
com.vaadin:flow-server MAVEN version =2.0.9, =1.0.0, =0.1, =1.4.0, =1.0, =0.0.1, =14.1.0, =14.1.0, =0.0.3, =1.0.2, =0.3.1, =1.0.2, =1.0.0, =0.5.1, =2.1.0, =2.2.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C57F-4VP2-JQHM...
SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c...
SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c...
SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c outside the wNumCoef loop...
SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c inside the wNumCoef loop...
SDL (Simple DirectMedia Layer) Buffer Overflow Vulnerability
Simple DirectMedia Layer (SDL) is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software and emulators. A heap-based buffer overflow vulnerability exists in the 'SDL_FillRect' function in the video/SDL_surface.c file in SDL versions 1.2.15 and...
ALPINE-CVE-2019-7636
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c...