42 matches found
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts...
EUVD-2025-209603
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...
Exploit for Race Condition in Openbsd Openssh
CVE-2018-15473 — SSH Username Enumeration Tool A Python 3 r...
WordPress plugin amr cron manager security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
WordPress plugin Make Section Column Clickable For Elementor cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to set up a personal blog site on a PHP and MySQL based server. A cross-site scripti...
Ubuntu: Security Advisory (USN-7840-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress Browser Sniff plugin <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Browser Sniff versions <= 2.3...
WordPress plugin Metadata SEO cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-1523 · Unknown · My Shortcodes
Name of the Vulnerable Software and Affected Versions: My Shortcodes versions 2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For My Shortcodes versions 2.3...
XWiki Platform security vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 2.3 through 16.3.0, which originates from the ability of any user with scripting privileges to execute arbitrary remote code by...
CVE-2024-43232
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion. This issue affects Timeline and History slider: from n/a through 2.3...
PT-2024-22601 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.3 through 2.3.0p5 Description: The issue is related to improper restriction of excessive authentication attempts with two factor authentication methods, which facilitates brute-forcing of second factor mechanisms...
WordPress WP Visitors Tracker plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WP Visitors Tracker versions <= 2.3...
app.valuationcontrol:webservice (>=0.5.0 <=0.5.1), ba.sake:sharaf_3 (>=0.0.7 <=0.3.0) +695 more potentially affected by CVE-2024-1459 via io.undertow:undertow-core (>=2.3.0.Alpha1 <=2.3.11.Final)
io.undertow:undertow-core MAVEN version =2.3.0.Alpha1, =0.5.0, =0.0.7, =22.11.0, =22.11.0, =0.0.1-jdk17-RELEASES, =0.0.1-jdk17-RELEASES, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.20 and more Source cves: CVE-2024-1459 Source advisory: OSV:GHSA-V76W-3PH8-VM66...
app.valuationcontrol:webservice (>=0.5.0 <=0.5.1), ba.sake:deder-publish-example_3 (=0.0.1) +1460 more potentially affected by CVE-2023-3223 via io.undertow:undertow-core (>=2.3.0.Alpha1 <=2.3.8.Final)
io.undertow:undertow-core MAVEN version =2.3.0.Alpha1, =0.5.0, =0.10.0, =0.0.1, =1.1.15, =1.0.6, =1.0.6, =1.0.6, =2.0.1, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =2.1.1 and more Source cves: CVE-2023-3223 Source advisory: SNYK:JAVA-IOUNDERTOW-11520814...
USN-6055-2 ruby2.3, ruby2.5, ruby2.7 regression
USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby...
CVE-2023-28096 OpenSIPS has memory leak in cJSON lib
OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parse_mi_request while performing coverage-guided fuzzing. This issue can be reproduced by sending...
OpenSIPS security vulnerability
OpenSIPS is a GPL-licensed SIP server implementation from the individual developers of OpenSIPS. A security vulnerability exists in OpenSIPS versions 2.3 through 3.2, which stems from a memory leak detected via the function parse_mi_request...
PT-2023-15981 · WordPress · Evision Responsive Column Layout Shortcodes
Name of the Vulnerable Software and Affected Versions: eVision Responsive Column Layout Shortcodes WordPress plugin versions 2.3 and earlier Description: The issue concerns the eVision Responsive Column Layout Shortcodes WordPress plugin, which does not properly validate and escape some of its...
CVE-2022-33874
Improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities (CWE-78) in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the...