150 matches found
CVE-2026-8702
The CVE-2026-8702 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin GBI To Print (versions
CVE-2026-8702 GBI To Print <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'div' Shortcode Attribute
The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...
CVE-2026-8702 GBI To Print <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'div' Shortcode Attribute
The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbitoprintshortcode function, which concatenates the raw shortcode attribute value directly...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fixed a missing sentinel for clkdivtable gettablemaxdiv attempts to access the "clkdivtable" array outside its defined bounds in phy-j721e-wiz.c. A sentinel entry was added to prevent the following global-out-of-bounds...
SUSE CVE-2026-31767
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Stop adjusting the horizontal timing values based on the compression ratio in command mode. Bspec seems to be telling us to do this only in video mode, and...
Astra Linux - уязвимость в linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2capleflowctlinit l2capleflowctlinit can cause both div-by-zero and an integer overflow since hdev-lemtu may not fall in the valid range. Move MTU from hcidev to hciconn to validate MTU and...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: adc128d818 Underflow issues were fixed when writing limit attributes. The DIVROUNDCLOSEST function, after kstrtol, may cause an underflow if a large negative number, such as -9223372036854775808, is provided by the user...
Linux Distros Unpatched Vulnerability : CVE-2026-31767
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Stop adjusting the horizontal timing values based on the compression ratio in command...
EUVD-2026-26580
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Stop adjusting the horizontal timing values based on the compression ratio in command mode. Bspec seems to be telling us to do this only in video mode, and...
Vikunja Vulnerable to XSS Via Task Preview
The task preview component creates a unparented div. The div's innerHtml is set to the unescaped description of the task...
PT-2026-5030
Name of the Vulnerable Software and Affected Versions soroban-fixed-point-math versions 1.3.0 through 1.4.0 Description The mulDivx, y, z function in soroban-fixed-point-math incorrectly handles cases where both the intermediate product x y and the divisor z are negative. The logic incorrectly...
SUSE CVE-2025-71111
In the Linux kernel, the following vulnerability has been resolved: hwmon: w83791d Convert macros to functions to avoid TOCTOU The macro FANFROMREG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTO...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001520)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001520 advisory. It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992823)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992823 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: adc128d818 Fix underflows seen when writing limit attributes DIVROUNDCLOSEST after kstrtol...
CVE-2025-12672
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2025-60956
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672
The Flickr Show plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the flickrshow shortcode div_height parameter, impacting all versions up to 1.5. Exploitation requires authenticated access at Contributor level or higher, enabling the attacker to inject scri...