259 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990524)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990524 advisory. In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmitbuf leak in activate when LSR == 0xff When LSR is 0xff in -activate rather unlike,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989010)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989010 advisory. In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmitbuf leak in activate when LSR == 0xff When LSR is 0xff in -activate rather unlike,...
CVE-2025-9544
The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action installextension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...
CVE-2025-11888
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...
EUVD-2025-35906
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...
CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...
EUVD-2023-60028
In the Linux kernel, the following vulnerability has been resolved: media: max9286: Fix memleak in max9286v4l2register There is a kmemleak when testing the media/i2c/max9286.c with bpf mock device: kmemleak: 5 new suspected memory leaks see /sys/kernel/debug/kmemleak unreferenced object...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987590)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987590 advisory. In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmitbuf leak in activate when LSR == 0xff When LSR is 0xff in -activate rather unlike,...
CVE-2025-10849
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...
CVE-2025-10849
CVE-2025-10849 : Felan Framework WordPress plugin contains an unauthorized data modification vulnerability due to a missing capability check in process_plugin_actions (AJAX). Affected versions up to 1.1.4 allow unauthenticated attackers to activate/deactivate plugins. Wordfence lists the patch st...
CVE-2025-8606
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...
EUVD-2019-11585
Malware in sbrugna...
EUVD-2021-11109
Malware in sbrugna...
EUVD-2022-55035
Malicious code in bioql PyPI...
CVE-2025-9889 ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery
The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the cmxactivateconnection function. This makes it possible for unauthenticated attackers to bind...
PT-2025-40506
Name of the Vulnerable Software and Affected Versions ContentMX Content Publisher plugin for WordPress versions up to and including 1.0.6 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by a lack of, or incorrect, nonce validation in the cmx...
CVE-2023-53517 tipc: do not update mtu if msg_max is too small in mtu negotiation
In the Linux kernel, the following vulnerability has been resolved: tipc: do not update mtu if msgmax is too small in mtu negotiation When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu, e.g. 4 in Shuang's testing, without checking for the minimum mtu,...
CVE-2025-8999
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...
CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...
CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...