18 matches found

PyPA
added 2026/06/03 2:16 p.m., 8 views

PYSEC-2026-198

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.has_vary_header in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3 CVSS, 5.4 AI score, 0.00279 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/06/02 3:28 a.m., 52 views

CVE-2026-8206 Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

9.8 CVSS, 0.00623 EPSS
Exploits 3, References 8

CVE
added 2026/06/02 3:28 a.m., 115 views

CVE-2026-8206

The Kirki plugin for WordPress (Kirki – Freeform Page Builder, Website Builder & Customizer) versions 6.0.0–6.0.6 contain an unauthenticated privilege-escalation flaw in the password-reset flow. When a username is provided, the code ignores the target user’s email and uses the email supplied in t...

9.8 CVSS, 5.9 AI score, 0.00623 EPSS
In wild, Exploits 3, References 8

CNNVD
added 2026/06/02 12:0 a.m., 1 views

WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8 CVSS, 5.5 AI score, 0.00623 EPSS
Exploits 3, References 8

CNNVD
added 2026/04/08 12:0 a.m., 3 views

Kamailio buffer error vulnerability

Kamailio is an open-source implementation of a SIP signaling server developed by Kamailio. Versions of Kamailio prior to 6.1.1, 6.0.6, and 5.8.8 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds access, which could lead to denial of service attacks...

7.5 CVSS, 6 AI score, 0.00453 EPSS
Exploits 0, References 1

OSV
added 2025/11/10 10:15 p.m., 2 views

UBUNTU-CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6 CVSS, 5.8 AI score, 0.00145 EPSS
Exploits 1, References 5

Vulnrichment
added 2025/11/10 9:56 p.m., 2 views

CVE-2025-64507 Incus vulnerable to local privilege escalation through custom storage volumes

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6 CVSS, 6.3 AI score, 0.00145 EPSS
Exploits 1, References 3

Tenable Nessus
added 2025/08/30 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-2574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and...

6.5 CVSS, 6.8 AI score, 0.00533 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-2722

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and...

8.8 CVSS, 7.7 AI score, 0.00727 EPSS
Exploits 0, References 2

Patchstack
added 2025/01/13 7:47 p.m., 3 views

WordPress Course Booking System plugin <= 6.0.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Course Booking System versions <= 6.0.6...

9.3 CVSS, 8.1 AI score, 0.02847 EPSS
Exploits 1, Affected Software 1

Positive Technologies
added 2023/10/06 12:0 a.m., 4 views

PT-2023-13365 · Ibm · Ibm Jazz Foundation

Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation IBM Engineering Lifecycle Management versions 6.0.6 through 7.0.2 Description: The issue could disclose sensitive version information to a user, which could be used in further attacks against the system. Recommendations: F...

5.5 CVSS, 5.3 AI score, 0.00182 EPSS
Exploits 0, References 7

SUSE CVE
added 2023/02/15 4:18 a.m., 2 views

SUSE CVE-2019-2721

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

8.8 CVSS, 8.8 AI score, 0.02231 EPSS
Exploits 2, References 4

CNNVD
added 2022/07/14 12:0 a.m., 2 views

IBM Engineering Lifecycle Optimization security vulnerability

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the entire organization has...

4.3 CVSS, 5.2 AI score, 0.00517 EPSS
Exploits 0, References 4

OSV
added 2019/04/23 7:32 p.m., 3 views

CVE-2019-2690

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualB...

7.8 CVSS, 7.1 AI score
Exploits 0, References 2

CNVD
added 2019/04/18 12:0 a.m., 5 views

Unspecified Vulnerability in Oracle Virtualization VM VirtualBox Component (CNVD-2019-36163)

Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center. VM VirtualBox is one of the virtual...

6.5 CVSS, 6.8 AI score, 0.00533 EPSS
Exploits 0, References 1

CNVD
added 2019/01/07 12:0 a.m., 3 views

IBM Publishing Engine Cross-Site Scripting Vulnerability

IBM Publishing Engine is a U.S. IBM automated document generation solution. The program can generate Rational product documentation, but also supports the choice of other vendors to generate documentation for the application. A cross-site scripting vulnerability exists in IBM Publishing Engine...

5.4 CVSS, 6.4 AI score, 0.00968 EPSS
Exploits 0, References 1

OSV
added 2019/01/04 3:29 p.m., 2 views

CVE-2018-1657

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID:...

5.4 CVSS, 5.4 AI score
Exploits 0, References 3

CNVD
added 2018/10/16 12:0 a.m., 2 views

IBM Rational Publishing Engine Cross-Site Scripting Vulnerability (CNVD-2018-21188)

IBM Rational Publishing Engine is a set of document automation solutions from IBM. The program can generate Rational product documentation, but also supports the choice of other vendors to generate documentation for the application. A cross-site scripting vulnerability exists in IBM Rational...

5.4 CVSS, 5.5 AI score, 0.0066 EPSS
Exploits 0, References 1