18 matches found

EUVD
added 2026/05/27 5:31 a.m. · 5 views

EUVD-2026-32095

The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as...

CVSS 6.4 · AI score 6 · EPSS 0.00032
Exploits 0 · References 3
Positive Technologies
added 2026/04/22 12:0 a.m. · 2 views

PT-2026-34299

Name of the Vulnerable Software and Affected Versions Bread & Butter versions prior to 8.2.0.26 Description Stored Cross-Site Scripting is possible via the 'breadbutter-customevent-button' shortcode. The customEventShortCodeButton function fails to apply proper input sanitization and output...

CVSS 6.4 · AI score 6 · EPSS 0.00014
Exploits 0 · References 9
Positive Technologies
added 2026/04/22 12:0 a.m. · 0 views

PT-2026-35582

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...

AI score 5.9
Exploits 6 · References 14
Ubuntu
added 2026/03/05 4:4 p.m. · 4 views

USN-8077-1: Bleach vulnerabilities

It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...

CVSS 9.8 · AI score 5.5 · EPSS 0.00581
Exploits 4
ATTACKERKB
added 2026/02/03 6:12 p.m. · 2 views

CVE-2025-52623

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...

CVSS 3.7 · AI score 5.4 · EPSS 0.00055
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2026/01/28 12:0 a.m. · 6 views

AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2026:0932)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0932 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945 libpn...

CVSS 7.5 · AI score 6.6 · EPSS 0.00089
Exploits 5 · References 7
CNNVD
added 2025/10/04 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing nla_policy for the vdpa max vqp attribute, which could lead to out-of-bounds reads...

AI score 5.8 · EPSS 0.00018
Exploits 0 · References 4
NVD
added 2025/10/01 6:15 a.m. · 1 views

CVE-2025-9512

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handle HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...

CVSS 6.1 · EPSS 0.00101
Exploits 0 · References 1
Positive Technologies
added 2025/07/25 12:0 a.m. · 0 views

PT-2025-30716 · Hcl · Hcl Iem

Name of the Vulnerable Software and Affected Versions: HCL IEM affected versions not specified Description: HCL IEM is affected by a cookie attribute not set vulnerability resulting from inconsistent security-related configurations. This issue could increase exposure to potential vulnerabilities...

CVSS 2 · AI score 6.1 · EPSS 0.0015
Exploits 0 · References 1
Tenable Nessus
added 2025/05/06 12:0 a.m. · 6 views

CBL Mariner 2.0 Security Update: kernel (CVE-2025-39735)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-39735 advisory. - In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eag...

CVSS 7.1 · AI score 6.2 · EPSS 0.00023
Exploits 0 · References 2
Tenable Nessus
added 2025/03/05 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-26933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port disable sysfs attribute The show and store callback routines...

CVSS 7.8 · AI score 6 · EPSS 0.00014
Exploits 0 · References 3
CNNVD
added 2025/01/29 12:0 a.m. · 1 views

Axios security vulnerability

Axios is an open source HTTP client based on Promise (a solution for asynchronous programming). A security vulnerability exists in Axios versions prior to 1.7.8 that stems from isURLSameOrigin.js not using a URL object to determine the origin and contains a potentially unwanted...

CVSS 9.8 · AI score 7.7 · EPSS 0.00088
Exploits 0 · References 4
CNVD
added 2024/07/16 12:0 a.m. · 9 views

IBM Datacap Navigator Information Disclosure Vulnerability (CNVD-2024-33370)

IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Datacap Navigator that stems from not setting a security attribute on an authorization token or session cookie, which can be exploited by an attacker t...

CVSS 4.3 · AI score 6 · EPSS 0.00066
Exploits 0 · References 1
CNNVD
added 2023/11/02 12:0 a.m. · 2 views

MOXA PT-G503 Security Vulnerability

MOXA PT-G503 is a series of Layer 2 managed switches from China's MOXA. A security vulnerability exists in MOXA PT-G503 v5.2 and earlier versions, which stems from not setting the security attribute of a sensitive cookie in an HTTPS session, which could result in the cookie being transmitted in...

CVSS 5.3 · AI score 6.7 · EPSS 0.00134
Exploits 0 · References 2
OSV
added 2023/09/25 1:11 p.m. · 8 views

SUSE-SU-2023:3762-1 Security update for frr

This update for frr fixes the following issues: - CVE-2023-38802: Fixed bad length handling when processing BGP attributes. bsc1213284 - CVE-2023-41358: Fixed a possible crash when processing NLRIs with an attribute length of zero. bsc1214735 - CVE-2023-41909: Fixed NULL pointer dereference due t...

CVSS 7.5 · AI score 7.5 · EPSS 0.00944
Exploits 1 · References 7
Citrix
added 2021/09/20 12:0 a.m. · 6 views

When access the storefront webpage getting .Net errors

When accessing the newly added Storefront server, the below error is shown. Error : The 'targetFramework' attribute in the element of the Web.config file is used only to target version 4.0 and later of the .NET Framework for example, ''. The 'targetFramework' attribute currently references a version...

AI score 7
Exploits 0
WPVulnDB
added 2021/08/24 12:0 a.m. · 16 views

SMTP Mail < 1.2 - Reflected Cross-Site Scripting (XSS)

The plugin does not escape its page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...

AI score 1.3
Exploits 0 · Affected Software 1
OSV
added 2018/07/03 10:29 a.m. · 6 views

CVE-2018-13094

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode is called with a NULL bp...

CVSS 5.5 · AI score 6.2
Exploits 0 · References 13