15 matches found
CVE-2026-37470
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...
EUVD-2026-5207
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...
PT-2026-6417
Summary: A stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowing script execution when any admin visits the dashboard. Users are recommended to update to the patched 5.5.2...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001489)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001489 advisory. There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Tenable has extracted...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003877)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003877 advisory. There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Tenable has extracted...
CVE-2025-66057 WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS. This issue affects Bold Page Builder: from n/a through <= 5.5.2...
CVE-2025-55123
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users...
EUVD-2025-38242
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS), specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containi...
ClipBucket V5 Security Vulnerability
ClipBucket V5 is a video hosting platform for MacWarrior individual developers. A security vulnerability exists in ClipBucket V5 5.5.2-146 and prior versions. It stems from the Manage Photos feature mishandling the Photo Title parameter, which could lead to a stored cross-site scripting attack...
CVE-2022-45810
Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce. This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a throu...
CVE-2023-3714
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
PT-2023-25584 · Unknown +2 · Parse Server +2
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.2 and 6.2.1. Description: The issue allows an attacker to use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This can be exploited in Parse Server, an open sour...
SUSE CVE-2016-6254
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet...
PT-2020-5779 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2. Description: The issue is related to the is_blog_installed function in wp-includes/functions.php, which improperly checks if WordPress is already installed. This could allow a remote attacker to perform a new...
X-Pack Security 5.5.2 security update
X-Pack Security TLS certificate verification error (ESA-2017-15): An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails, the trust manager will be replaced with an instance that trusts all certificates. This could allow any node...