20 matches found
UBUNTU-CVE-2026-0665
An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...
MiracleLinux 7 : pacemaker-1.1.13-10.el7 (AXSA:2015-850:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-850:01 advisory. Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with...
CVE-2025-13660
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...
EUVD-2025-203061
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...
CVE-2025-13660
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...
CVE-2025-13660 Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...
CVE-2025-13660 Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...
CVE-2025-13660
CVE-2025-13660 (Guest Support, WordPress): The vulnerability is an unauthenticated User Email Disclosure in versions up to and including 1.2.3. An exposed AJAX endpoint (guest_support_handler=ajax) allows arbitrary querying of users (request=get_users) without authentication or capability checks,...
WordPress plugin Guest Support 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information disclosure...
PT-2025-50891
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...
WordPress Guest Support plugin <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint vulnerability
Unauthenticated User Email Disclosure in guestsupporthandler AJAX Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Guest Support versions = 1.2.3...
EUVD-2025-20386
Malicious code in bioql PyPI...
CVE-2025-5957
The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated...
CVE-2025-5957 Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket Deletion
The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated...
CVE-2025-5957 Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket Deletion
The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated...
WordPress plugin Guest Support 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugi...
CVE-2023-46840
Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen...
CVE-2023-46840
CVE-2023-46840 concerns Xen where an incorrect placement of a preprocessor directive in Xen source leads to logic that does not operate as intended when HVM guest support is compiled out. The vulnerability is described across multiple connected advisories (e.g., Nessus/OPENVAS entries and OSV/nvd...
SUSE-SU-2018:1362-2 Security update for qemu
This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prio...
DEBIAN-CVE-2016-9907
Quick Emulator Qemu built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredirhandledestroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host...