
530 matches found

Nuclei
added 18 hours ago, 54 views

Advanced Custom Fields < 6.1.6 - Cross-Site Scripting

Advanced Custom Fields before 6.1.6 is susceptible to cross-site scripting via the poststatus parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

CVSS 7.1, AI score 7.1, EPSS 0.38768
Exploits 3, References 5

Nuclei
added 18 hours ago, 10 views

Advance Post Prefix WordPress plugin - Reflected XSS

Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting vulnerability caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high-privilege users such as admin; the exploit requires a crafted request. id: CVE-2024-12734 info: name: Advance...

CVSS 6.1, AI score 5.6, EPSS 0.00521
Exploits 1, References 2

NVD
added 2 days ago, 4 views

CVE-2026-56070

Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions...

CVSS 9.3, EPSS 0.00236
Exploits 0, References 1

CVE
added 2 days ago, 8 views

CVE-2026-56070

WordPress Advance Product Search plugin (

CVSS 9.3, AI score 5.8, EPSS 0.00236
Exploits 0, References 1

Cvelist
added 2 days ago, 33 views

CVE-2026-56070 WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions...

CVSS 9.3, EPSS 0.00236
Exploits 0, References 1

Tenable Nessus
added 3 days ago, 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-53011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to...

CVSS 7.8, AI score 5.9, EPSS 0.00176
Exploits 0, References 2

NVD
added 4 days ago, 4 views

CVE-2026-53011

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to promote the admin schedule to oper. switchschedules queues the old op...

CVSS 7.8, EPSS 0.00176
Exploits 0, References 8

Debian CVE
added 4 days ago, 4 views

CVE-2026-52934

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...

CVSS 8.8, AI score 5.6, EPSS 0.00164
Exploits 0

Patchstack
added 5 days ago, 4 views

WordPress Advance Nav Menu Manager plugin <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification vulnerability discovered by Hardik Patel in WordPress Plugin Advance Nav Menu Manager versions <= 1.3...

CVSS 4.3, AI score 5.8, EPSS 0.00227
Exploits 0, References 1, Affected Software 1

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in pillow

An issue was discovered in Pillow before version 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop during loading...

CVSS 7.5, AI score 6.7, EPSS 0.02453
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 1 view

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - svcrdma: The bound check of rqpages index in the inline path. - svcrdmacopyInlineRange: Indexing rqstp-rqpagesrccurpage without verifying that rccurpage remains within the allocated page array. Add guards before the first us...

CVSS 7.8, AI score 5.4, EPSS 0.00129
Exploits 0, References 1

Cvelist
added 2026/05/09 4:9 a.m., 40 views

CVE-2026-42308 Pillow: Integer overflow when processing fonts

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

CVSS 5.1, EPSS 0.00114
Exploits 0, References 2

OSV
added 2026/05/08 3:16 p.m., 4 views

UBUNTU-CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-cglist, &cset-mgtasks; If a csstaskiter...

CVSS 4.7, AI score 5.6, EPSS 0.00089
Exploits 0, References 11

OSV
added 2026/05/04 8:18 p.m., 6 views

GHSA-WJX4-4JCJ-G98J Pillow has an integer overflow when processing fonts

If a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed...

CVSS 5.5, AI score 5.8, EPSS 0.00114
Exploits 0, References 5

CNNVD
added 2026/04/24 12:0 a.m., 10 views

Canon multiple products security vulnerability

Canon imagePRESS and other products are manufactured by Canon, a Japanese company. The Canon imagePRESS is a series of color production digital printing machines. The Canon imageFORCE is a series of color digital printers. The Canon imageRUNNER is a series of color digital printers. Several of...

CVSS 6.9, AI score 5.9, EPSS 0.00294
Exploits 0, References 1

Positive Technologies
added 2026/04/10 12:0 a.m., 2 views

PT-2026-31874

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

CVSS 9, AI score 7.7, EPSS 0.00734
Exploits 1, References 6

NVD
added 2026/04/05 9:16 p.m., 6 views

CVE-2019-25680

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...

CVSS 9.8, EPSS 0.00397
Exploits 1, References 3

Vulnrichment
added 2026/04/05 8:45 p.m., 3 views

CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...

CVSS 8.8, AI score 6.2, EPSS 0.00397
Exploits 1, References 3

Cvelist
added 2026/04/05 8:45 p.m., 28 views

CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...

CVSS 8.8, EPSS 0.00397
Exploits 1, References 3

SUSE CVE
added 2026/03/17 12:27 a.m., 5 views

SUSE CVE-2026-2069

A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llamagrammaradvancestack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploi...

CVSS 4.8, AI score 5.9, EPSS 0.00124
Exploits 0, References 3