56 matches found
CVE-2022-31231
Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...
2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5088861)
2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 KB5088861...
2026-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 (KB5084067)
2026-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 KB5084067...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-005350)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005350 advisory. Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function. Impact summary: A NULL pointer...
CVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...
WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Review versions <= 3.5...
WordPress Yada Wiki plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Yada Wiki versions <= 3.5...
CVE-2025-32283 WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection. This issue affects Solar Energy: from n/a through <= 3.5...
2025-10 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 for x64 (KB5066738)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Linux Distros Unpatched Vulnerability : CVE-2019-14829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities wer...
CVE-2025-8218
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'changerolemember' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...
WordPress Real Spaces Theme <= 3.5 is vulnerable to Privilege Escalation
Software: Real Spaces; Type: Theme; Vulnerable versions: <= 3.5; Fixed in: 3.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2025-8218; Patch priority: High; CVSS severity: High (8.8); Developer: Claim ownership; PSID: dbcfbeba0421; Credits: Alyudin Nafiie...
UBUNTU-CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...
RICOH Streamline NX V3 PC Client Path Traversal Vulnerability
RICOH Streamline NX V3 PC Client is a complete solution for large-scale, integrated management of devices from Ricoh RICOH Japan. A path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 through 3.242.0, which originates from a path traversal and could lead to the...
PT-2025-1962 · WordPress · Gohero Store Customizer For Woocommerce
Name of the Vulnerable Software and Affected Versions: GoHero Store Customizer for WooCommerce plugin for WordPress versions up to, and including, 3.5 Description: The issue allows unauthorized modification of data due to a missing capability check on the wooh action settings save frontend...
PT-2024-35338 · Shopready · Shopready
Name of the Vulnerable Software and Affected Versions: Shopready versions n/a through 3.5 Description: The issue affects the Shopready PHP application, allowing for PHP Local File Inclusion due to improper control of filename for include/require statement. This is related to a 'PHP Remote File...
PT-2024-33341 · Mbed Tls · Mbed Tls
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 3.5.x through 3.6.x before 3.6.2 Description: The issue is related to a buffer underrun in the pkwrite function when writing an opaque key pair. Recommendations: For Mbed TLS versions 3.5.x through 3.6.x before 3.6.2, update...
ALPINE-CVE-2023-49288
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
PT-2023-26181 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.5-milestone-1 through 14.10.7 XWiki Platform versions 15.3-rc-1 and earlier Description: Triggering the office converter with a specially crafted file name allows writing the attachment's content to an...
CVE-2023-39616
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h...