
21 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m. · 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013288)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013288 advisory. An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c...

CVSS 4.9 · AI score 7.2 · EPSS 0.00022
Exploits 1 · References 4
OSV
added 2026/03/26 10:5 p.m. · 3 views

GHSA-2328-F5F3-GJ25 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Summary: pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...

CVSS 7.4 · AI score 6.9 · EPSS 0.00035
Exploits 1 · References 4
RedhatCVE
added 2026/01/09 10:46 a.m. · 3 views

CVE-2022-31943

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability...

CVSS 9.8 · AI score 7.4 · EPSS 0.00568
Exploits 1 · References 1
SUSE CVE
added 2025/11/07 12:23 a.m. · 4 views

SUSE CVE-2025-64458

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

CVSS 7.5 · AI score 6.9 · EPSS 0.00026
Exploits 1 · References 3
AlpineLinux
added 2025/11/05 3:7 p.m. · 6 views

CVE-2025-64458

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

CVSS 7.5 · AI score 7.5 · EPSS 0.00026
Exploits 1
Positive Technologies
added 2025/11/05 12:0 a.m. · 5 views

PT-2025-45118

Name of the Vulnerable Software and Affected Versions: Django versions prior to 4.2.26; Django versions prior to 5.1.14; Django versions prior to 5.2.8; Django versions 5.0.x and earlier; Django versions 4.1.x and earlier; Django versions 3.2.x and earlier. Description: The issue relates to algorithmic...

CVSS 9.1 · AI score 7.6 · EPSS 0.00296
Exploits 11 · References 37
Patchstack
added 2025/04/16 2:6 p.m. · 4 views

WordPress Rescue Shortcodes plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha in WordPress Plugin Rescue Shortcodes versions <= 3.1...

CVSS 6.5 · AI score 6.9 · EPSS 0.00471
Exploits 0 · Affected Software 1
Patchstack
added 2024/09/26 1:44 a.m. · 4 views

WordPress Advanced File Manager plugin <= 5.2.8 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions <= 5.2.8...

CVSS 8.8 · AI score 7 · EPSS 0.11671
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/08/13 6:32 a.m. · 2 views

WordPress Generate Images – Magic Post Thumbnail plugin < 5.2.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Kieran Burge in WordPress Plugin Magic Post Thumbnail versions < 5.2.8...

CVSS 4.8 · AI score 6.1 · EPSS 0.00179
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/11/08 12:0 a.m. · 2 views

PT-2023-30345 · Elementor · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Pro versions n/a through 5.2.8 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows PHP Local File...

CVSS 9.8 · AI score 9.4 · EPSS 0.00443
Exploits 0 · References 9
SUSE CVE
added 2023/02/15 4:18 a.m. · 1 view

SUSE CVE-2019-2678

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 6.5 · AI score 6.9 · EPSS 0.00149
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 4:9 a.m. · 1 view

SUSE CVE-2019-15099

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor...

CVSS 4.6 · AI score 7.1 · EPSS 0.01629
Exploits 0 · References 8
OSV
added 2022/12/19 2:15 p.m. · 1 view

CVE-2022-4050

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
CNNVD
added 2022/08/16 12:0 a.m. · 2 views

MingSoft MCMS SQL Injection Vulnerability

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A SQL injection vulnerability exists in MingSoft MCMS version 5.2.8, which originates from an attacker being able to exploit the fieldName parameter of its /mdiy/page/verify URI component to achieve SQL injection...

CVSS 9.8 · AI score 8.5 · EPSS 0.00409
Exploits 1 · References 2
CNNVD
added 2022/08/16 12:0 a.m. · 3 views

MingSoft MCMS SQL Injection Vulnerability

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A SQL injection vulnerability exists in MingSoft MCMS version 5.2.8, which originates from a SQL injection vulnerability in the /mdiy/model/delete URI containing a SQL injection via models Lists...

CVSS 9.8 · AI score 8.6 · EPSS 0.00508
Exploits 1 · References 2
ATTACKERKB
added 2022/07/01 9:15 p.m. · 1 view

CVE-2022-31943

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability...

CVSS 9.8 · AI score 5.9 · EPSS 0.00568
Exploits 1 · References 2
OSV
added 2019/08/16 2:15 a.m. · 1 view

DEBIAN-CVE-2019-15099

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor...

CVSS 7.5 · AI score 6.3 · EPSS 0.01629
Exploits 0 · References 1
CNVD
added 2019/04/18 12:0 a.m. · 2 views

Unspecified Vulnerability in Oracle Virtualization VM VirtualBox Component (CNVD-2019-36158)

Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center. VM VirtualBox is one of the virtual...

CVSS 8.8 · AI score 6.6 · EPSS 0.00139
Exploits 0 · References 1
CNVD
added 2019/04/18 12:0 a.m. · 3 views

Unspecified Vulnerability in Oracle Virtualization VM VirtualBox Component (CNVD-2019-36162)

Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center. VM VirtualBox is one of the virtual...

CVSS 8.8 · AI score 6.6 · EPSS 0.00139
Exploits 0 · References 1
CNVD
added 2016/12/19 12:0 a.m. · 2 views

IBM Tivoli Storage Productivity Center and IBM Spectrum Control Cross-Site Request Forgery Vulnerability

IBM Tivoli Storage Productivity Center and IBM Spectrum Control are both storage resource management software from IBM USA. A cross-site request forgery vulnerability exists in IBM Tivoli Storage Productivity Center versions 5.2.0 through 5.2.7.1 and IBM Spectrum Control versions 5.2.8 through...

CVSS 8.8 · AI score 7 · EPSS 0.00151
Exploits 0 · References 1