16 matches found
ROOT-OS-DEBIAN-11-CVE-2026-31701 CVE-2026-31701 in rootio-linux - Patched by Root
Root has patched CVE-2026-31701 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-40104 CVE-2025-40104 in rootio-linux - Patched by Root
Root has patched CVE-2025-40104 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-45986 CVE-2026-45986 in rootio-linux - Patched by Root
Root has patched CVE-2026-45986 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
EUVD-2025-206696
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
WordPress WP-CRM System plugin <= 3.4.2 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Mika in WordPress Plugin WP-CRM System versions <= 3.4.2...
WordPress WatchTowerHQ Plugin <= 3.10.1 is vulnerable to Broken Authentication
Software: WatchTowerHQ; Type: Plugin; Vulnerable versions: <= 3.10.1; Fixed in: 3.10.4; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9933; Patch priority: High; CVSS severity: High 9.8; PSID: 5b771d8428a0; Credits: István...
GHSA-2VGG-9H6W-M454 Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Summary An attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a previously patched CVE...
WordPress Booster Elite for WooCommerce Plugin < 7.1.3 is vulnerable to Content Injection
Software: Booster Elite for WooCommerce; Type: Plugin; Vulnerable versions: < 7.1.3; Fixed in: 7.1.3; OWASP Top 10: A1: Broken Access Control; Classification: Content Injection; CVE: CVE-2023-51511; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 1e2bd30a7dcc; Credits: Dave Jong...
Cross site scripting
Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in...
WordPress Youtube shortcode Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)
Software: Youtube shortcode; Type: Plugin; Vulnerable versions: <= 1.8.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23687; Patch priority: Low; CVSS severity: Low 6.5; PSID: c5d93f87872c; Credits: István Márton; Required...
Fedora 33 : python-pygments (2021-175e686ca6)
The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-175e686ca6 advisory. - Backport upstream patch to fix CVE 1922137 FEDORA-2021-175e686ca6 Note that Nessus has not tested for this issue but has instead relied only on the...
OPENSUSE-SU-2020:1056-1 Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 bsc1173874, uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 bsc1173875, buffer overflow in ConnectClientToUnixSock ...
SUSE-SU-2020:1937-1 Security update for cairo
This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory leak...
Fedora 27 : transmission (2018-499a02cc9d)
Fix CVE patch, build with openssl-1.1.x Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Upgrade Tomcat to the latest 8.0.x release
h3. Summary We are currently on 8.0.17 and have already been bitten by a bug in it: https://bz.apache.org/bugzilla/show_bug.cgi?id=57476 We should upgrade to the latest to get the latest bugfixes. Also, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager...
ipa-client security update
2.1.3-5.2 - Add missing man page option --ca-cert-file. 878217 2.1.3-5.1 - Fix python syntax backport issue in CVE patch. 878217 2.1.3-5 - Use secure method to retrieve IPA CA during client enrollment. CVE-2012-5484 878217...