
6643 matches found

CVE
added 2026/01/22 4:52 p.m., 6 views

CVE-2026-24355

Summary: CVE-2026-24355 is a Stored XSS in the Houzez Theme - Functionality (Houzez Theme - Functionality plugin) for WordPress. The issue arises from improper neutralization of input during web page generation, allowing stored malicious payloads to be executed in the context of the affected site...

CVSS 6.5, AI score 5.4, EPSS 0.00064
Exploits 0, References 1

Vulnrichment
added 2026/01/22 4:52 p.m., 2 views

CVE-2026-24355 WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6...

CVSS 6.5, AI score 5.4, EPSS 0.00064
Exploits 0, References 1

ATTACKERKB
added 2026/01/22 4:52 p.m., 1 views

CVE-2026-24355

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6...

CVSS 5.4, AI score 5.3, EPSS 0.00064
Exploits 0, References 2

Cvelist
added 2026/01/22 4:52 p.m., 17 views

CVE-2026-24355 WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6...

CVSS 6.5, EPSS 0.00064
Exploits 0, References 1

ATTACKERKB
added 2026/01/22 4:52 p.m., 1 views

CVE-2025-68009

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through <= 1.0.3...

CVSS 6.5, AI score 5.3, EPSS 0.00021
Exploits 0, References 2

Positive Technologies
added 2026/01/22 12:0 a.m., 1 views

PT-2026-4251

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6...

AI score 5.4, EPSS 0.00064
Exploits 0, References 2

CNNVD
added 2026/01/22 12:0 a.m., 1 views

Incus path traversal vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.21.0 contained a path traversal vulnerability. This vulnerability stemmed from directory traversal or symbolic link issues within the template functionality, which could lead to arbitrary file...

CVSS 8.7, AI score 6, EPSS 0.00061
Exploits 1, References 6

CVE
added 2026/01/20 2:50 p.m., 5 views

CVE-2025-54778

Talos discloses a post-authenticated, reflected cross-site scripting vulnerability in MedDream PACS Premium 7.3.6.870’s Pacs/existingUser.php. The attacker can craft a URL that injects JavaScript (via the external parameter) and triggers arbitrary code execution in the context of the user’s brows...

CVSS 6.1, AI score 5.6, EPSS 0.00064
Exploits 1, References 2, Affected Software 1

Cvelist
added 2026/01/20 2:49 p.m., 15 views

CVE-2025-36556

A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1, EPSS 0.00064
Exploits 1, References 1

Vulnrichment
added 2026/01/20 12:32 a.m., 3 views

CVE-2026-1197 MineAdmin downloadById information disclosure

A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in information disclosure. The attack can be initiated remotely. The attack's complexity is rated as...

CVSS 3.1, AI score 4.9, EPSS 0.00013
Exploits 1, References 4

CVE
added 2026/01/19 7:57 p.m., 8 views

CVE-2026-23851

SiYuan Note (v3.5.3–pre-3.5.4) contains a logic flaw in /api/file/globalCopyFiles that lets authenticated users copy files from arbitrary locations on the server filesystem into the app workspace due to missing validation of source paths against the workspace boundary. The vulnerability exists in...

CVSS 8.3, AI score 5.7, EPSS 0.00053
Exploits 1, References 4, Affected Software 1

Fedora
added 2026/01/18 1:45 a.m., 6 views

[SECURITY] Fedora 42 Update: libtpms-0.10.2-1.fc42

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

CVSS 5.5, AI score 7, EPSS 0.00006
Exploits 1

Fedora
added 2026/01/18 1:42 a.m., 5 views

[SECURITY] Fedora 43 Update: libtpms-0.10.2-1.fc43

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

CVSS 5.5, AI score 7, EPSS 0.00006
Exploits 1

Positive Technologies
added 2026/01/18 12:0 a.m., 4 views

PT-2026-3397

Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A security flaw exists in Yonyou KSOA 9.0 related to the manipulation of the ID parameter within an HTTP GET request to the file '/worksheet/work report.jsp'. This manipulation can lead to SQL injection...

CVSS 9.8, AI score 7.2, EPSS 0.00015
Exploits 0, References 9

Patchstack
added 2026/01/17 11:35 p.m., 4 views

WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability

WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Houzez Theme - Functionality versions <= 4.2.6...

CVSS 5.4, AI score 5.3, EPSS 0.00064
Exploits 0, Affected Software 1

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003969)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003969 advisory. A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user call to fail in copy_event_to_user. A loc...

CVSS 7.8, AI score 6.5, EPSS 0.00125
Exploits 0, References 3

Cvelist
added 2026/01/15 4:27 p.m., 19 views

CVE-2026-22265 Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

CVSS 7.5, EPSS 0.00201
Exploits 1, References 3

NVD
added 2026/01/14 7:16 p.m., 2 views

CVE-2026-23492

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

CVSS 8.8, EPSS 0.00005
Exploits 1, References 2

Cvelist
added 2026/01/14 2:36 p.m., 21 views

CVE-2026-22237 Exposed Internal API Documentation Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...

CVSS 10, EPSS 0.00556
Exploits 0, References 1

Positive Technologies
added 2026/01/14 12:0 a.m., 2 views

PT-2026-2860

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...

CVSS 10, AI score 6.9, EPSS 0.00556
Exploits 0, References 2