EUVD-2026-29391

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-3604

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-39946

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseo ative tab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin WP SEO Structured Data Schema 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

[SECURITY] [DLA 4578-1] rails security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler May 11, 2026 https://wiki.debian.org/LTS -...

CVE-2026-43425

A flaw was found in the Linux kernel's mdc800 USB image driver. When the driver attempts to read data from a USB device, a timeout can occur, leaving a USB Request Block URB in an active state. If a subsequent read operation is initiated, the driver may attempt to resubmit this already active URB...

Debian dla-4578 : rails - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4578 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/...

CVE-2022-50963

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

CVE-2022-50963 uBidAuction 2.0.1 myAuctions active Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

CVE-2022-50963 uBidAuction 2.0.1 myAuctions active Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

CVE-2022-50963

uBidAuction 2.0.1 has a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The filter parameters date_created, date_from, date_to, and created_at are not properly sanitized, allowing remote attackers to inject scripts via crafted GET requests that execut...

CVE-2026-43459

A flaw was found in the Linux kernel's sound subsystem ASoC. When a sound card is unbound while an audio stream is active, a timing issue can lead to a use-after-free vulnerability. This occurs because certain resources are freed before all pending operations are completed. A local attacker could...

Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Deactivated Channel Members Retain Full Access to Group/DM Channels Affected Component Channel membership authorization check: - backend/openwebui/models/channels.py lines 663-673, isuserchannelmember - Used at 15 locations in backend/openwebui/routers/channels.py Affected Versions Current main...

CVE-2026-43321

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability arises from the kernel's failure to correctly identify and mark active registers during indirect jump operations within the BPF program execution. An attacker could potentially exploit this to manipula...

GHSA-QWFW-GGXW-577C ex_webrtc client-role handshake is missing DTLS peer fingerprint validation

Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...

PT-2026-39278

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description In the self-hosted artificial intelligence platform Open WebUI, the is user channel member function fails to verify the is active field when checking channel membership. When a user is removed fro...

PT-2026-39291

Name of the Vulnerable Software and Affected Versions Elixir WebRTC versions prior to 0.15.1 Elixir WebRTC versions prior to 0.16.1 Description Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. When acting as th...

Active Debug Code

Overview Affected versions of this package are vulnerable to Active Debug Code via the Installer process. An attacker can access sensitive server configuration, environment variables, filesystem paths, and loaded PHP extensions by sending an unauthenticated GET request with the phpinfo parameter...

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...