Lucene search
9261 matches found

Github Security Blog
added 2026/03/05 12:32 a.m. | 7 views

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The edit_package function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation: An authenticated user with MODIFY permission can...

CVSS 7.1 | AI score 5.9 | EPSS 0.00022
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/03/04 12:0 a.m. | 5 views

SUSE SLES12 Security Update : kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:0707-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0707-1 advisory. This update for the SUSE Linux Enterprise kernel 4.12.14-122.275 fixes various security issues. The following security issues were fixed: -...

AI score 6.1 | EPSS 0.0004
Exploits: 0 | References: 7

IBM Security Bulletins
added 2026/03/02 2:33 p.m. | 6 views

Security Bulletin: CVE-2022-3510 fixed in Cloudera Data Platform Private Cloud Base 7.1.7 SP3

Summary: Security Bulletin: CVE-2022-3510 fixed in Cloudera Data Platform Private Cloud Base 7.1.7 SP3. Vulnerability Details: CVEID: CVE-2022-3510. DESCRIPTION: A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...

CVSS 7.5 | AI score 5.9 | EPSS 0.00058
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/02 2:33 p.m. | 17 views

Security Bulletin: Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM

Summary: Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM v7.1.9. Upgrade to the latest service pack and hotfix to ensure fixes to the addressed vulnerabilities are obtained. Vulnerability Details: CVEID: CVE-2020-9493. DESCRIPTION: A deserialization flaw was found i...

CVSS 9.8 | AI score 7 | EPSS 0.94428
Exploits: 106 | Affected Software: 1

ATTACKERKB
added 2026/02/28 11:45 a.m. | 3 views

CVE-2026-3010

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information. This issue affects TimePictra: from 11.0 through 11.3 SP2...

CVSS 9.3 | AI score 5.9 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/28 11:44 a.m. | 3 views

CVE-2026-2844

Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation. This issue affects TimePictra: from 11.0 through 11.3 SP2...

CVSS 9.3 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/02/28 12:0 a.m. | 3 views

Microchip TimePictra Security Vulnerability

Microchip TimePictra is a synchronization network management software developed by the American company Microchip. Versions of Microchip TimePictra 11.3 SP2 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input during web page generation, which could lea...

CVSS 9.3 | AI score 5.6 | EPSS 0.00041
Exploits: 0 | References: 2

CNNVD
added 2026/02/28 12:0 a.m. | 3 views

Microchip TimePictra Security Vulnerability

Microchip TimePictra is a synchronization network management software developed by the American company Microchip. Versions of Microchip TimePictra 11.3 SP2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication for critical functions, which...

CVSS 9.3 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 2

Patchstack
added 2026/02/27 7:6 a.m. | 3 views

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification vulnerability

Missing Authorization to Unauthenticated Payment Status modification vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions <= 6.1.17...

CVSS 7.5 | AI score 5.3 | EPSS 0.00035
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/02/27 3:23 a.m. | 7 views

CVE-2026-2428

The CVE concerns the Fluent Forms Pro Add On Pack for WordPress, vulnerable in all versions up to 6.1.17 due to disabled PayPal IPN verification (disable_ipn_verification defaults to 'yes' in PayPalSettings.php). This enables unauthenticated attackers to send forged PayPal IPN notifications to th...

CVSS 7.5 | AI score 5.4 | EPSS 0.00035
Exploits: 0 | References: 2

OSV
added 2026/02/24 10:14 a.m. | 2 views

RHSA-2026:2994 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update

Bulletin has no description...

CVSS 7.5 | AI score 5.1 | EPSS 0.00145
Exploits: 1 | References: 30

Joomla! Vulnerable Extensions List
added 2026/02/24 12:0 a.m. | 10 views

Novarain/Tassos Framework, , SQL Injection

allow SQL injection and unauthenticated file reads. Attackers can chain these issues for administrator takeover and remote code execution on unpatched systems. Affected extensions include Convert Forms, EngageBox, Google Structured Data, Advanced Custom Fields, and Smile Pack, all relying on the...

AI score 6.7
Exploits: 0 | References: 1

SUSE Linux
added 2026/02/20 10:4 a.m. | 5 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues. The following security issues were fixed: CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim bsc1256280. CVE-2025-39880: libceph: fix invalid accesses to cephconnectionv1info bsc1250388...

CVSS 8.7 | AI score 7.2 | EPSS 0.00102
Exploits: 2 | References: 766

OSV
added 2026/02/19 5:28 p.m. | 2 views

GO-2026-4473 Improper verification of data integrity values for .idx and .pack files in github.com/go-git/go-git

Improper verification of data integrity values for .idx and .pack files in github.com/go-git/go-git...

CVSS 4.3 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/19 12:0 a.m. | 4 views

IBM QRadar SIEM 7.5.x < 7.5.0 UP14 Multiple XSS

According to its self-reported version, the IBM QRadar SIEM installation on the remote host is 7.5.x prior to 7.5.0 Update Pack 14. It is, therefore, affected by multiple stored cross-site scripting (XSS) vulnerabilities: - A vulnerability that allows an authenticated user to embed arbitrary...

CVSS 6.4 | AI score 5.6 | EPSS 0.0002
Exploits: 0 | References: 3

Tenable Nessus
added 2026/02/18 12:0 a.m. | 3 views

SUSE SLES15 Security Update : kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:0565-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0565-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.150 fixes various security issues. The following security issues were fixed: ...

CVSS 7.4 | AI score 7.9 | EPSS 0.00135
Exploits: 8 | References: 13

RedhatCVE
added 2026/02/16 7:8 a.m. | 9 views

CVE-2026-1793

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible for authenticated attackers, with...

CVSS 6.5 | AI score 5.7 | EPSS 0.00072
Exploits: 0 | References: 1

NVD
added 2026/02/15 4:15 a.m. | 2 views

CVE-2026-1793

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible for authenticated attackers, with...

CVSS 6.5 | EPSS 0.00072
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/15 3:24 a.m. | 4 views

CVE-2026-1793 Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible for authenticated attackers, with...

CVSS 6.5 | AI score 5.7 | EPSS 0.00072
Exploits: 0 | References: 3

CVE
added 2026/02/15 3:24 a.m. | 12 views

CVE-2026-1793

The CVE-2026-1793 entry concerns the Element Pack Addons for Elementor plugin for WordPress. All versions up to and including 8.3.17 are vulnerable via the SVG widget due to insufficient file validation in the render_svg function, enabling authenticated attackers with contributor-level access or ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00072
Exploits: 0 | References: 3