5 matches found
CVE-2025-15030 User Profile Builder < 3.15.2 - Unauthenticated Arbitrary Password Reset
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002112)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002112 advisory. The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote...
PT-2024-32527 · Givewp · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP versions prior to 3.15.2. Description: A Cross-Site Request Forgery (CSRF) issue affects GiveWP, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations: For versions prior to 3.15.2,...
PT-2024-18934
Name of the Vulnerable Software and Affected Versions: djangorestframework versions prior to 3.15.2. Description: The issue arises from improper input sanitization in the break_long_headers template filter, leading to Cross-site Scripting (XSS) via this filter due to the splitting and joining of input...
Sierra Wireless MGOS Security Vulnerability
Sierra Wireless MGOS is a wireless communication device from Sierra Wireless Canada. A security vulnerability exists in Sierra Wireless MGOS versions prior to 3.15.2 and versions prior to 4.x through 4.3, which stems from a vulnerability that allows an attacker to read log files via Direct Reques...