64 matches found

Nuclei
added yesterday, 35 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

CVSS: 6.1, AI score: 6.3, EPSS: 0.15068
Exploits: 2, References: 2
Nuclei
added yesterday, 23 views

Mingsoft MCMS < 5.3.1 - Cross-Site Scripting

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...

CVSS: 6.1, AI score: 3.2, EPSS: 0.11956
Exploits: 1, References: 2
Nuclei
added 2 days ago, 30 views

Gibbon LMS <= v25.0.01 - File Upload to RCE

Gibbon LMS versions 25.0.1 and earlier are vulnerable to an Arbitrary File Upload that can lead to Remote Code Execution (RCE). The issue stems from the rubricsvisualisesaveAjax.php endpoint, which, notably, does not require authentication. Because of this, unauthenticated attackers could potential...

CVSS: 9.8, AI score: 9.1, EPSS: 0.92556
Exploits: 8, References: 4
Nuclei
added 2 days ago, 10 views

SolarView Compact < 6.00 - Directory Traversal

SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd. id:...

CVSS: 7.5, AI score: 7.4, EPSS: 0.6874
Exploits: 1, References: 2
Nuclei
added 2 days ago, 20 views

WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS: 6.1, AI score: 7.3, EPSS: 0.57109
Exploits: 0, References: 2
Nuclei
added 2 days ago, 260 views

Oracle Peoplesoft - Unauthenticated File Read

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVSS: 7.5, AI score: 7.3, EPSS: 0.9072
Exploits: 1, References: 2
OSV
added last week, 3 views

ROOT-OS-UBUNTU-2404-CVE-2023-4010 CVE-2023-4010 in rootio-linux - Patched by Root

Root has patched CVE-2023-4010 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00018
Exploits: 1
Cvelist
added 2026/05/08 12:0 a.m., 31 views

CVE-2023-42346

Alkacon OpenCms before 16 allows XXE when the refers to an external host...

EPSS: 0.00086
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/14 12:0 a.m., 0 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : kvmtool vulnerabilities (USN-8172-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8172-1 advisory. It was discovered that kvmtool did not properly manage memory under certain circumstances. A malicious guest attacker...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00101
Exploits: 1, References: 3
Tenable Nessus
added 2026/03/07 12:0 a.m., 3 views

SUSE SLED15 / SLES15 Security Update : grpc (SUSE-SU-2026:0840-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0840-1 advisory. This update for grpc fixes the following issue: - CVE-2023-33953: unbounded memory and CPU consumption in the HPACK...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00124
Exploits: 0, References: 4
RedhatCVE
added 2025/12/31 12:17 p.m., 5 views

CVE-2023-54288

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211txdequeue there is a particular locking sequence: begin: spinlock&local-;queuestopreasonlock; qstopped = local-queuestopreasonsq;...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00024
Exploits: 0, References: 4
Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-54262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another...

AI score: 7.5, EPSS: 0.00028
Exploits: 0, References: 3
Debian CVE
added 2025/12/30 12:15 p.m., 2 views

CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is an erroneous leftover from original...

AI score: 5.3, EPSS: 0.00028
Exploits: 0
Cvelist
added 2025/12/30 12:11 p.m., 20 views

CVE-2023-54237 net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link() There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" 0 ffff9456c1cc79a0 machinekexec at...

EPSS: 0.00024
Exploits: 0, References: 3
CVE
added 2025/12/22 9:35 p.m., 9 views

CVE-2023-53975

CVE-2023-53975 affects Atom CMS 2.0 and describes an unauthenticated SQL injection via the id parameter on the admin index page, enabling time-based blind queries. The vulnerability stems from unvalidated input used in database queries, with potential impact on integrity and confidentiality as in...

CVSS: 9.3, AI score: 8.1, EPSS: 0.00088
Exploits: 1, References: 3, Affected Software: 1
OpenVAS
added 2025/12/16 12:0 a.m., 1 views

Ubuntu: Security Advisory (USN-7909-5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00121
Exploits: 2, References: 2
Tenable Nessus
added 2025/12/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: hda/ca0132: fixup buffer overrun at tuningctlset tuningctlset might have buffer overrun at X if it didn't break from loop by matching A. static int...

AI score: 6.2, EPSS: 0.0004
Exploits: 0, References: 3
OSV
added 2025/10/22 2:15 p.m., 2 views

UBUNTU-CVE-2023-53728

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posixtimeradd tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID...

AI score: 5.8, EPSS: 0.00044
Exploits: 0, References: 11
OSV
added 2025/10/09 2:54 p.m., 2 views

CLSA-2025-1760021660 qemu-kvm: Fix of 3 CVEs

CVE-2021-3750: fix for DMA reentrancy use-after-free - CVE-2023-2680: final fix for CVE-2021-3750 - CVE-2023-0330: fix reentrancy in LSI53c895a SCSI controller...

CVSS: 8.2, AI score: 6.7, EPSS: 0.00038
Exploits: 1, References: 1
Tenable Nessus
added 2025/10/08 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-53549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleti...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 3