420 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003590)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003590 advisory. An issue was discovered in drivers/scsi/qedi/qedidbg.c in the Linux kernel before 5.1.12. In the qedidbg family of functions, there is an out-of-bounds read. Tenable...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003811)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003811 advisory. A memory leak in the mlx5fpgaconncreatecq function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001505)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001505 advisory. A use-after-free in function hcisockboundioctl of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race...
PT-2026-1959
Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica stores user passwords in an encoded format within a database. An attacker with access to these encoded passwords can decode the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000228)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000228 advisory. In the Linux kernel before 5.1, there is a memory leak in featregistersp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. Tenable has...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000402)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000402 advisory. The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto...
PT-2026-1068
Name of the Vulnerable Software and Affected Versions PluXml versions prior to 5.8.23 Description A flaw exists in PluXml that could allow for remote code execution. The issue is located in the FileCookieJar:: destruct function within the core/admin/medias.php file of the Media Management Module...
CVE-2025-64190
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through 5.6...
EUVD-2025-205820
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6...
PT-2025-53018
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-rc6 Description The Linux kernel contains a flaw within the mt76 mt7921e driver that can lead to a crash during module removal rmmod in a stress test scenario involving rapid module loading and unloading...
CVE-2025-1030 Sensitive Data Exposure in Utarit Informatics' SoliClub
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7...
Weblate 信息泄露漏洞
Weblate is a Copyleft open source web-based free software continuous localization system. An information disclosure vulnerability exists in Weblate versions prior to 5.15.1, which stems from mishandling of specially crafted symbolic links and could result in reading arbitrary files from the serve...
CVE-2025-67492
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...
Weblate 安全漏洞
Weblate is a Copyleft open source web-based continuous localization system for free software. A security vulnerability exists in Weblate versions prior to 5.15 that stems from the possibility of accepting invitations opened by different users...
CVE-2025-65120
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
CVE-2025-54407
Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
PT-2025-50874
Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...
PT-2025-49905
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Opal WP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...
CVE-2025-34256
Advantech WISE-DeviceOn Server (prior to 5.4) uses a static HS512 HMAC secret to sign EIRMMToken JWTs, enabling forged tokens with a valid email claim. This allows remote, unauthenticated attackers to impersonate any DeviceOn account, including the root super admin, and obtain full administrative...
EUVD-2025-201434
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...