Lucene search

47 matches found

ATTACKERKB
added 2026/05/05 12:28 p.m., 1 view

CVE-2026-28510

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

CVSS 5.9, AI score 5.8, EPSS 0.00066
Exploits: 0, References: 3

EUVD
added 2026/03/19 9:30 a.m., 1 view

EUVD-2025-208858

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer allows Reflected XSS. This issue affects tagDiv Composer: from n/a through 5.4.2...

CVSS 7.1, AI score 5.8, EPSS 0.00045
Exploits: 0, References: 2

CNNVD
added 2026/03/19 12:0 a.m., 2 views

WordPress plugin tagDiv Composer cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

CVSS 7.1, AI score 5.7, EPSS 0.00045
Exploits: 0, References: 1

OSV
added 2026/02/10 12:25 a.m., 3 views

GHSA-Q4F2-39GR-45JH Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...

CVSS 7.5, AI score 5.7, EPSS 0.04457
Exploits: 1, References: 5

Tenable Nessus
added 2026/02/10 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-25892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via...

CVSS 7.5, AI score 5.8, EPSS 0.04457
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001384)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001384 advisory. fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of...

CVSS 6.1, AI score 7.1, EPSS 0.00034
Exploits: 1, References: 4

Patchstack
added 2026/01/08 7:36 p.m., 4 views

WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin tagDiv Composer versions <= 5.4.2...

CVSS 6.1, AI score 5.3, EPSS 0.00064
Exploits: 0, Affected Software: 1

Microsoft KB
added 2025/09/09 7:0 a.m., 6 views

September 9, 2025—KB5065427 (OS Build 14393.8422)

September 9, 2025—KB5065427 OS Build 14393.8422 Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updat...

CVSS 9.8, AI score 7.5, EPSS 0.00406
Exploits: 5

RedhatCVE
added 2025/02/05 2:48 p.m., 6 views

CVE-2020-15428

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxcrons.php. When parsing the line parameter, the process does not...

CVSS 10, AI score 7.3, EPSS 0.01432
Exploits: 0

Patchstack
added 2024/10/04 1:19 a.m., 2 views

WordPress Auto Amazon Links plugin <= 5.4.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Auto Amazon Links versions <= 5.4.2...

CVSS 6.1, AI score 6.3, EPSS 0.02325
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2024/10/03 12:0 a.m., 1 view

PT-2024-39584 · WordPress · Auto Amazon Links – Amazon Associates Affiliate Plugin

Name of the Vulnerable Software and Affected Versions: The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress versions up to, and including, 5.4.2. Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate...

CVSS 6.1, AI score 6.7, EPSS 0.02325
Exploits: 0, References: 10

OSV
added 2024/07/26 11:8 a.m., 1 view

OESA-2024-1910 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: Heap-based buffer overflow...

CVSS 8.4, AI score 7.9, EPSS 0.00115
Exploits: 0, References: 2

OSV
added 2024/07/26 11:8 a.m., 1 view

OESA-2024-1913 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: Heap-based buffer overflow...

CVSS 8.4, AI score 7.9, EPSS 0.00115
Exploits: 0, References: 2

OSV
added 2024/07/26 11:8 a.m., 1 view

OESA-2024-1911 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: Heap-based buffer overflow...

CVSS 8.4, AI score 7.9, EPSS 0.00115
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2024/07/18 4:44 a.m., 2 views

Assimp vulnerable to heap-based buffer overflow

Overview Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

CVSS 8.4, AI score 7.8, EPSS 0.00115
Exploits: 0, References: 5

OSV
added 2024/05/14 2:40 p.m., 0 views

CVE-2024-0445

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

CVSS 5.4, AI score 5.9
Exploits: 0, References: 7

Positive Technologies
added 2024/05/09 12:0 a.m., 1 view

PT-2024-22080 · WordPress · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including, 5.4.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Age Gate widget, allowing...

CVSS 6.4, AI score 7.3, EPSS 0.00361
Exploits: 0, References: 5

ATTACKERKB
added 2023/12/29 7:15 a.m., 0 views

CVE-2023-23634

SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint...

CVSS 9.8, AI score 6.4, EPSS 0.02215
Exploits: 1, References: 2

SUSE CVE
added 2023/08/24 2:26 a.m., 2 views

SUSE CVE-2022-28069

A heap buffer overflow in vaxopfunction in radare2 5.4.2 and 5.4.0...

CVSS 7.5, AI score 7.5, EPSS 0.00234
Exploits: 0, References: 3

SUSE CVE
added 2023/08/24 2:26 a.m., 2 views

SUSE CVE-2022-28070

A null pointer dereference in coreanalfcn function in radare2 5.4.2 and 5.4.0...

CVSS 7.5, AI score 7, EPSS 0.00251
Exploits: 0, References: 3