MiracleLinux 7 : firefox-128.5.1-1.0.1.el7.AXS7 (AXSA:2024-9409:41)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9409:41 advisory. firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on...

OSV-2026-76 Security exception in org.htmlunit.cyberneko.HTMLTagBalancer.endElement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476170180 Crash type: Security exception Crash state: org.htmlunit.cyberneko.HTMLTagBalancer.endElement org.htmlunit.cyberneko.HTMLElements$HTMLElementsWithCache.getElement...

OESA-2026-1056 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003599 advisory. A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiexuapparsetailies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memo...

CVE-2026-0992

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...

MiracleLinux 7 : libxml2-2.9.1-6.6.0.4.el7.AXS7 (AXSA:2025-10716:14)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10716:14 advisory. CVE-2025-49794: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements CVE-2025-49796: fix memory corruption issue...

WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for WPBakery versions = 5.11.0...

WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions = 5.11.0...

WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions = 5.11.0...

CVE-2023-25800

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0...

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVE-2021-33213

An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...

CVE-2020-10247

MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...

CVE-2023-4690

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

CVE-2023-4689

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...

CVE-2022-0323

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...

CVE-2023-31080

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5.65...

CVE-2023-31231

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5.65...

CVE-2025-69194

Summary: CVE-2025-69194 is a path-traversal vulnerability in GNU Wget2’s Metalink handling that can cause arbitrary file writes via unnormalized paths. The issue arises from trusting the Metalink name attribute during path resolution, allowing writes to unintended locations and potential further...

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56838)

Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...