19 matches found
CVE-2026-45932
CVE-2026-45932 – Linux kernel (bpf: Fix tcx/netkit detach permissions when prog fd isn’t given) The issue allows BPF_PROG_DETACH on tcx or netkit devices to be executed by any user when no program FD is provided, bypassing permission checks. A fix was added to require CAP_NET_ADMIN or CAP_SYS_ADM...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
This update for kernel-livepatch-MICRO-6-0-RT_Update_6 fixes the following issues: CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075) CVE-2025-38396: fs: export anon_inode_make_secure_inode and fix secretmem LSM bypass (bsc#1247158) CVE-2025-38471: kernel: tls: always refresh the queue when...
EUVD-2023-56452
Malicious code in bioql PyPI...
CVE-2025-54411
CVE-2025-54411 affects Discourse prior to 3.5.0.beta8, where the welcome_banner.header.logged_in_members and the logged-in user name string can cause cross-site scripting (XSS). The underlying issue is in the welcome banner user name string, enabling XSS that may impact the user or allow an admin...
CVE-2022-1750
The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popup_title’ parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities an...
CVE-2020-36666
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...
PT-2024-15253 · WordPress · Import Wp
Name of the Vulnerable Software and Affected Versions: Import WP WordPress plugin versions prior to 2.13.1 Description: The issue allows users with the administrator role to conduct SSRF attacks, which may be a problem in multisite configurations. This is due to the lack of prevention of pinging ...
CVE-2023-51761
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities...
CVE-2023-51761 Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities...
kernel: refcount leak in ctnetlink_create_conntrack()
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow...
CVE-2020-36666
CVE-2020-36666 relates to privilege escalation in multiple WordPress plugins from e-plugins, including directory-pro, final-user-wp-frontend-user-profiles, photographer-directory, real-estate-pro, institutions-directory, lawyer-directory, doctor-listing, hotel-listing, fitness-trainer, and wp-mem...
CVE-2022-43863 IBM QRadar SIEM privilege escalation
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425...
PT-2023-14376 · Ibm · Ibm Qradar Siem
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.4 through 7.5 Description: The issue allows a user with some admin capabilities to gain additional admin capabilities through privilege escalation. Recommendations: For versions 7.4 and 7.5, update to a version that...
Security Bulletin: IBM QRadar SIEM is vulnerable to privilege escalation (CVE-2022-43863)
Summary IBM QRadar SIEM is vulnerable to privilege escalation, allowing a user with some Admin capabilities to gain additional Admin capabilities. IBM QRadar SIEM has addressed the vulnerability. Vulnerability Details CVEID: CVE-2022-43863 DESCRIPTION: IBM QRadar SIEM is vulnerable to privilege...
How one Microsoft product manager acts as champion for identity security
A technology career embodies the ancient Roman saying that “luck happens when preparation meets opportunity.” Few industries are as dynamic, fast-paced, or intense as technology. With so many challenges to solve, opportunities are everywhere, but as I’ve learned myself through the years, the best...
Unbreakable Enterprise kernel security update
5.4.17-2036.104.5 - scsi: iscsi: Verify lengths on passthrough PDUs Chris Leech Orabug: 32603379 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE Chris Leech Orabug: 32603379 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 - scsi: iscsi:...
Unbreakable Enterprise kernel security update
4.14.35-2047.501.2 - scsi: iscsi: Verify lengths on passthrough PDUs Chris Leech Orabug: 32634994 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE Chris Leech Orabug: 32634994 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 - scsi: iscsi:...
Computer Repair Shop < 2.0 - Authenticated Stored XSS
Computer Repair Shop is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. Fixed in version 2.0. PoC The plugin's options provided a basic HTML validation, which could be bypassed by copying + pasting malicious code into the...
WordPress Quiz And Survey Master 4.7.8 / 4.5.4 XSS / CSRF
Details ================ Software: Quiz And Survey Master Formerly Quiz Master Next Version: 4.5.4,4.7.8 Homepage: https://wordpress.org/plugins/quiz-master-next/ Advisory report:...