7633 matches found
CVE-2026-0703
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwctycurrentdate' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-0703
Affected software: NextMove Lite – Thank You Page for WooCommerce plugin for WordPress. Vulnerability: Stored Cross-Site Scripting via the plugin’s** 'xlwcty_current_date' shortcode. Root cause: insufficient input sanitization and output escaping on user-supplied attributes. Versions impacted: al...
PT-2026-36616
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty current date' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.10.1esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...
CVE-2026-31734
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix isbpfmigrationdisabled false negative on non-PREEMPTRCU Since commit 8e4f0b1ebcf2 "bpf: use rcureadlockdontmigrate for trampoline.c", the BPF prolog bpfprogenter calls migratedisable only when CONFIGPREEMPTRCU is...
CVE-2026-31734
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix isbpfmigrationdisabled false negative on non-PREEMPTRCU Since commit 8e4f0b1ebcf2 "bpf: use rcureadlockdontmigrate for trampoline.c", the BPF prolog bpfprogenter calls migratedisable only when CONFIGPREEMPTRCU is...
EUVD-2026-26547
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix isbpfmigrationdisabled false negative on non-PREEMPTRCU Since commit 8e4f0b1ebcf2 "bpf: use rcureadlockdontmigrate for trampoline.c", the BPF prolog bpfprogenter calls migratedisable only when CONFIGPREEMPTRCU is...
ROS-20260429-73-0020
A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...
ROS-20260429-73-0021
A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...
ROS-20260429-73-0039
A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of the specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...
ROS-20260429-73-0037
A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of a specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...
ROS-20260429-73-0033
A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of the specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...
ROS-20260429-73-0017
A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...
ROS-20260429-73-0018
A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...
[slackware-security] proftpd
New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/proftpd-1.3.9a-i586-1slack15.0.txz: Upgraded. Fix for an SQL injection that may lead to authentication bypass, privilege escalation,...
[slackware-security] mpg123
New mpg123 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mpg123-1.33.5-i586-1.txz: Upgraded. mpg123: Fix generic control mode for largefile-sensitive builds, where 32 bit offt was used with...
CVE-2026-31560
In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. In this case, the system will crash. In this case, it's better to use dev from the struct ctlr struc...
EUVD-2026-25453
In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. In this case, the system will crash. In this case, it's better to use dev from the struct ctlr struc...
CVE-2026-31560
CVE-2026-31560 affects the Linux kernel spi-dw-dma path. When completing an SPI transaction, an error in handling a missing device message can lead to a system crash; the recommended fix is to obtain the device from the struct spi_controller* (dev from the controller). The vulnerability has been ...
Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)
"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...