PT-2026-3990

Name of the Vulnerable Software and Affected Versions Apryse HTML2PDF SDK versions through 11.10 Description A flaw exists in the InsertFromURL function that may allow an attacker to execute arbitrary operating system commands on the local server. Recommendations Update to a version beyond 11.10...

Azure Linux 3.0 Security Update: kernel (CVE-2025-23150)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23150 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in dosplit...

CVE-2025-14533

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

CVE-2025-14533

The Wordfence disclosure confirms CVE-2025-14533 affects the Advanced Custom Fields: Extended plugin for WordPress (

CVE-2025-14533 Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action vulnerability

Unauthenticated Privilege Escalation via Insert User Form Action vulnerability discovered by andrea bocchetti in WordPress Plugin Advanced Custom Fields: Extended versions = 0.9.2.1...

WordPress plugin Advanced Custom Fields: Extended security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

MiracleLinux 8 : postgresql:10 (AXSA:2021-2311:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2311:01 advisory. postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory disclosure in INSERT ... ON...

MiracleLinux 4 : rh-postgresql95-postgresql-9.5.14-1.AXS4 (AXSA:2018-3313:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3313:01 advisory. postgresql: Certain host connection parameters defeat client-side security defenses CVE-2018-10915 postgresql: Missing authorization and memory...

MiracleLinux 7 : rh-postgresql95-postgresql-9.5.14-1.el7 (AXSA:2018-3311:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3311:01 advisory. postgresql: Certain host connection parameters defeat client-side security defenses CVE-2018-10915 postgresql: Missing authorization and memory...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in insertextenttree When we get wrong extent info data, and look up extentnode in rb tree, it will cause infinite loop CONFIGF2FSCHECKFS=n. Avoiding this by return NULL and print some kernel messages in th...

CVE-2009-4518

Cross-site scripting XSS vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node...

CVE-2024-41435

YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter...

CVE-2023-25461

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in namithjawahar Wp-Insert plugin = 2.5.0 versions...

CVE-2023-50824

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021...

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

CVE-2019-16289

The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...

CVE-2025-15411

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the loc...

WebAssembly wabt 缓冲区错误漏洞

WebAssembly wabt is a WebAssembly binary toolkit open-sourced by WebAssembly. A buffer error vulnerability exists in WebAssembly wabt 1.0.39 and prior versions, which originates from a memory corruption in the wabt::AST::InsertNode function in the wasm-decompile component file...

UBUNTU-CVE-2023-54224

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix lockdep splat and potential deadlock after failure running delayed items When running delayed items we are holding a delayed node's mutex and then we will attempt to modify a subvolume btree to insert/update/delete the...