16 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-31485
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - spi: spi-fsl-lpspi: fix teardown order issue (UAF). There is a teardown order issue in the driver. The SPI controller is registered using devm_spi_register_controller...
PT-2026-32027
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
MiracleLinux 7 : gcc-4.8.5-16.el7.2 (AXBA:2018-2593:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXBA:2018-2593:01 advisory. - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker...
WordPress plugin ShopEngine Elementor WooCommerce Builder Addon Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site request...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz. Vulnerability Details: CVEID: CVE-2025-27152. DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...
CVE-2025-0719
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a truste...
CVE-2024-12316
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportpopupaction function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates...
WordPress Bread & Butter plugin <= 7.4.857 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Bread & Butter (versions <= 7.4.857)...
WordPress WP Easy Gallery plugin <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter vulnerability
Authenticated (Contributor+) SQL Injection via key Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Easy Gallery (versions <= 4.8.5)...
SUSE CVE-2016-10040
Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via an XML file with multiple nested open tags...
CVE-2022-26329
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...
Wowza Media Systems Streaming Engine Permissions, Privileges, and Access Control Vulnerability
Wowza Media Systems Streaming Engine is a suite of streaming media server software from Wowza Media Systems in the United States. A privilege-granting and access-control issue vulnerability exists in Wowza Media Systems Streaming Engine 4.8.5 and earlier versions, which stems from a file-permissi...
PT-2020-10162 · Wowza · Wowza Streaming Engine
Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions prior to 4.8.5. Description: The issue allows an authenticated user with access to proxy license editing to insert a malicious payload that will be triggered in the main page of server settings. This is a case o...
CVE-2020-9004
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and...
CVE-2019-7655
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/editadv.htm of the Server Setup configuration or the (2) host field in enginemanager/jspringsecuritycheck of the login form. This issu...
PT-2013-1885 · Openssl +2 · Openssl +2
Name of the Vulnerable Software and Affected Versions: Qt versions prior to 4.6.5; Qt versions 4.7.x prior to 4.7.6; Qt versions 4.8.x prior to 4.8.5. Description: The issue arises from the QSslSocket::sslErrors function, which, when used with certain versions of OpenSSL, may read memory from an...