Lucene search
K

3788 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-57737

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...

6.5CVSS0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2 days ago8 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.16...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
OSV
OSV
added last week5 views

MAL-2026-6531 Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

5.9AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added last week5 views

Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Following IBM Engineering...

9.8CVSS5.8AI score0.00978EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.8AI score0.00232EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53142

In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...

5.7AI score0.00166EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: enetc: Deny offloading of tc-based TSN features on VF interfaces TSN features on the ENETC taprio, cbs, gate, police are configured through a combination of command BD ring messages and port registers: enetcportrd,...

5.5CVSS5.8AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: veth: The GRO flag is cleared when XDP is disabled, even when the device is disabled. The NETIFFGRO flag is set automatically when XDP is enabled, because both features use the same NAPI mechanism. The logic for clearing the...

5.5CVSS6.3AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: Fixed a UAF in lereadfeaturescomplete. This fix addresses the issue where the hciconn variable was freed before lereadfeaturescomplete, but after hcilereadremotefeaturessync. As a result, hciconndel -...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: Fixed the handling of Data Path Parity Errors for DMA channels. The commit 56e58d6c8a56 „net: stmmac: Implement Safety Features in XGMAC core“ checks for safety errors, but leaves Data Path Parity Errors for...

5.5CVSS6AI score0.00223EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: added the missing negotiatefeatures operation to the Hyper-V ops table. The commit a7075f501bd3 “ixgbevf: fixed mailbox API compatibility by negotiating supported features” added the.negotiatefeatures callback to...

5.5CVSS5.6AI score0.00123EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fixed handling of HCIEVIOCAPAREQUEST. If we receive HCIEVIOCAPAREQUEST while HCIOPREADREMOTEEXTFEATURES has not yet been responded to, assume that the remote supports SSP. Otherwise, this event should not be...

5.5CVSS6AI score0.00244EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Qemu

A stack-based buffer overflow was discovered in the virtio-net device of QEMU. This issue occurs when flushing the TX operation in the virtionetflushtx function, provided that the guest has enabled VIRTIONETFHASHREPORT, VIRTIOFVERSION1, and VIRTIONETFMRGRXBUF. This could allow a malicious user to...

5.3CVSS7AI score0.0033EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take the RTNL lock when necessary before calling xdpsetfeatures. The RTNL lock must be held when calling xdpsetfeatures with a registered netdev, as this call triggers the netdev notifiers. This could occur, for exampl...

5.5CVSS6.4AI score0.00164EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/features: Added a check to ensure there are entries in cxlfeatureinfo. In cxl EDAC calls cxlfeatureinfo to obtain feature information, if the hardware does not support any features, cxlfs can be passed as NULL. 51.957498...

5.4AI score0.0017EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/fpu: Fixed the copyxstatetouabi function to correctly copy init states. When an extended state component is not present in fpstate, but is present in init state, the function copies data from initfpstate using copyfeature...

5.5CVSS6.2AI score0.00128EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: x86/kvm: The teardown of PV features also occurs during boot-up. Various PV features Async PF, PV EOI, steal time work through memory shared with the hypervisor. When we resume from hibernation, we must properly teardown all...

5.5CVSS6.1AI score0.00237EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 10:26 a.m.7 views

Important: Red Hat Security Advisory: RHACS 4.10.4 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

10CVSS5.2AI score0.00478EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36772

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

5.8AI score0.01119EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 8:19 p.m.5 views

EUVD-2026-36878

Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...

7.4CVSS5.2AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder