WordPress plugin MDJM Event Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Unverified Ownership

Overview miraheze/ts-portal is a Portal for handling and managing the investigation lifecycle for Trust and Safety at the WikiTide Foundation Affected versions of this package are vulnerable to Unverified Ownership due to the evidence handling in DPAController::store within...

WindMill 路径遍历漏洞

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...

VulnCheck KEV: CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005753 advisory. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small...

📄 Cisco Catalyst SD-WAN Controller Authentication Bypass / Arbitrary WAR Upload

A critical security vulnerability chain was identified involving an authentication bypass through exposed configuration data, followed by an arbitrary file upload via path traversal. Successful exploitation may allow an attacker to deploy a malicious WAR archive into the application server's...

Ubuntu: Security Advisory (USN-8073-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8073-1: QEMU vulnerabilities

It was discovered that the UHCI controller implementation of QEMU could be brought into an invalid state. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2024-8354 It was discovered that QEMU incorrectly handled memory durin...

K000160227: Linux kernel vulnerability CVE-2025-37849

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvmarchvcpucreate fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data...

CVE-2026-2732

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

CVE-2025-48635

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-47384

Transient DOS when MAC configures config id greater than supported maximum value...

CVE-2025-50195

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

SUSE CVE-2026-25518

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...

SUSE CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

SUSE CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVE-2025-23419 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

GHSA-84XH-PWC6-7G4G vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

CVE-2025-23419 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...

GHSA-84XH-PWC6-7G4G vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...