12 matches found
EUVD-2026-30301
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
WordPress plugin “Save as PDF Plugin” by PDFCrowd has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4617
Name of the Vulnerable Software and Affected Versions: Save as PDF Plugin for WordPress versions prior to 4.5.6. Description: The Save as PDF Plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the options parameter. Insufficient input sanitization and output escaping allow...
Mastodon security vulnerabilities
Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to 4.3.18, 4.4.12, and 4.5.5 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the maximum number of remote post voting options, which could lead t...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003081)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003081 advisory. The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local use...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000617)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000617 advisory. The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local...
CVE-2025-67472
Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5...
EUVD-2025-202132
Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5...
CVE-2020-14555
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
IBOS SQL injection vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from a SQL injection vulnerability in the component Interview Management Export...
PT-2022-28080 · Unknown · Dolibarr Project Timesheet
Name of the Vulnerable Software and Affected Versions: dolibarr project timesheet versions up to 4.5.5. Description: A vulnerability was found in the Form Handler component, leading to cross-site request forgery. The attack can be initiated remotely. Recommendations: For versions up to 4.5.5,...
2020-04 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4550944)
2020-04 Cumulative Update for Windows 10 Version 1803 for x64-based Systems KB4550944...