91 matches found
kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done()
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog...
CVE-2026-8885
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
CVE-2026-8885
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
EUVD-2026-33893
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
CVE-2026-8885
The CVE-2026-8885 entry concerns the WordPress plugin DeMomentSomTres Shortcodes (versions
CVE-2026-8885 DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
CVE-2026-8885 DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
CVE-2026-8885
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
PT-2026-45710
Name of the Vulnerable Software and Affected Versions DeMomentSomTres Shortcodes versions prior to 1.1.2 Description The DeMomentSomTres Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the st callout function fails to properly sanitize input and...
CVE-2026-22984
CVE-2026-22984 affects the Linux kernel libceph path (handle_auth_done) and is resolved by an explicit bounds check on payload_len to prevent out-of-bounds reads. Upstream patch exists and has been incorporated in newer kernel releases (e.g., 6.6.130 per Mageia advisory); vendors: update to a ker...
MiracleLinux 8 : pcre-8.42-6.el8 (AXSA:2021-2716:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2716:01 advisory. pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 CVE-2019-20838 pcre: Integer overflow when parsi...
EUVD-2025-34135
Malicious code in private-callout-queue npm...
Malicious Package
Overview private-callout-queue is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in private-callout-queue (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7962ea070e8c6d0dc03b62736d3b83c52ac2367d2f5949252c86fa295aac63b2 Any computer that has this package installed or running should be considered...
MAL-2025-48411 Malicious code in private-callout-queue (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7962ea070e8c6d0dc03b62736d3b83c52ac2367d2f5949252c86fa295aac63b2 Any computer that has this package installed or running should be considered...
EUVD-2018-17508
Malware in sbrugna...
EUVD-2022-28982
Malicious code in bioql PyPI...
EUVD-2025-30235
Malicious code in bioql PyPI...
EUVD-2022-38298
Malicious code in bioql PyPI...
EUVD-2024-36082
Malicious code in bioql PyPI...