28 matches found
CVE-2026-5226 Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...
PT-2026-32092
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3. This is due to insufficient output escaping on user-supplied URL paths in the get current url function, which are inserted into...
CVE-2026-33481
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001887)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001887 advisory. The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to...
EUVD-2011-0431
Malware in sbrugna...
pgAgent Security Vulnerability
pgAgent is an open source job scheduler for PostgreSQL from the pgAdmin Project. A security vulnerability exists in pgAgent versions prior to 4.2.3 that stems from insufficient initialization of the random number generator used to generate directory names, which allows a local attacker to...
CVE-2022-45830
Missing Authorization vulnerability in Analytify. This issue affects Analytify: from n/a through 4.2.3...
WordPress plugin Jobify Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2024-12565 · Thimpress · Thimpress Learnpress
Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress versions 4.2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in ThimPress LearnPress. Recommendations: For ThimPress LearnPress versions 4.2.3 and earlier, update to a version late...
Exploit for Cross-site Scripting in Sygnoos Popup_Builder
CVE-2023-6000 PoC How does this detection method work?...
TAIWAN-CA(TWCA) JCICSecurityTool Input Validation Error Vulnerability
TAIWAN-CA(TWCA) JCICSecurityTool is an application from Taiwan Web Certification (TWCA). An input validation error vulnerability exists in TAIWAN-CA(TWCA) JCICSecurityTool version v4.2.3.32, which stems from insufficient filtering of special characters in registry-related functions, and can be exploite...
EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution
Overview: EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability (CWE-94) due to improper settings of the product's template engine "Twig". Takeshi Miura of N.F.Laboratories Inc. reported this vulnerability to EC-CUBE CO.,LTD. EC-CUBE CO.,LTD. In...
Docker Desktop Security Vulnerabilities
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
CVE-2023-25447
Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme = 4.2.3 versions...
AZL-11350 CVE-2022-3474 affecting package bazel for versions less than 5.3.2-1
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3...
CVE-2022-25600
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin versions = 4.2.3...
ch.mobi.mobitor:mobitor-base (>=3.1.305 <=3.1.313), cloud.piranha.extension:piranha-extension-hazelcast (>=21.6.0 <=21.10.0) +87 more potentially affected by unknown CVE via com.hazelcast:hazelcast (>=4.2 <=4.2.3)
com.hazelcast:hazelcast MAVEN version =4.2, =3.1.305, =21.6.0, =1.37.0, =3.1.5, =6.3.0, =4.5, =4.5, =4.5, =2.1.1, =4.2, =4.2.3 - com.hazelcast:hazelcast-hibernate5 =2.2.1 - com.hazelcast:hazelcast-hibernate5-parent =2.2.1 - com.hazelcast:hazelcast-hibernate52 =2.2.1 and more Source cves: unknown...
CVE-2020-24375
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3...
PT-2020-15719 · Freebox · Freebox Server
Name of the Vulnerable Software and Affected Versions: Freebox Server versions prior to 4.2.3 Description: A DNS rebinding issue affects the Freebox OS web interface. This could potentially allow for malicious actions. Recommendations: For versions prior to 4.2.3, update to version 4.2.3 or later...
WordPress Email Subscribers & Newsletters Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. A cross-site request forgery vulnerability...