CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

UBUNTU-CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

Flat Nuke 3.1.2 Cross Site Scripting

A cross site scripting vulnerability exists in Flat Nuke version 3.1.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

CVE-2026-24576 WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

CVE-2026-24576

CVE-2026-24576 is a stored XSS vulnerability in the WordPress UX Flat plugin (ux-flat) affecting versions up to and including 5.4.0. The issue is described as improper neutralization of input during web page generation, enabling stored cross-site scripting. The primary connected sources confirm t...

CVE-2026-24576 WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

PT-2026-4415

Name of the Vulnerable Software and Affected Versions COP UX Flat versions through 5.4.0 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks. Recommendations Update...

Azure Linux 3.0 Security Update: kernel (CVE-2024-58010)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-58010 advisory. - In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix integer overflow bug on...

WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin UX Flat versions = 5.4.0...

WordPress Flat Shipping Rate by City for WooCommerce plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress Flat Shipping Rate by City for WooCommerce plugin, which stems from insufficient cleaning and escaping of the cities...

ROS-20260119-7336

A vulnerability in the binfmtflat component of the Linux operating system kernel is related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-0678

The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2026-0678

The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2026-0678 Shipping Rates by City for WooCommerce <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter

The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

WordPress plugin Flat Shipping Rate by City for WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress Flat Shipping Rate by City for WooCommerce plugin, which stems from insufficient cleaning and escaping of the cities...

CVE-2009-4802

SQL injection vulnerability in the Flat Manager flatmgr extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2024-2459

The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...