
53 matches found

EUVD
added last week | 11 views

EUVD-2026-33692

Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...

CVSS 6.5 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/01 12:00 a.m. | 5 views

PT-2026-45458

Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...

CVSS 6.5 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 2
Patchstack
added 2026/05/14 9:48 a.m. | 9 views

WordPress Career Section plugin <= 1.7 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Career Section versions <= 1.7...

CVSS 9.8 | AI score 5.8 | EPSS 0.00183
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2026/04/07 3:28 a.m. | 1 view

WordPress WPFunnels plugin <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin WPFunnels versions <= 3.7.9...

CVSS 6.4 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/02/13 11:49 p.m. | 1 view

WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability

Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions <= 1.19.2...

CVSS 4.9 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/24 3:18 p.m. | 4 views

CVE-2026-24549

Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery. This issue affects GeoDirectory: from n/a through <= 2.8.149...

CVSS 4.3 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/23 2:28 p.m. | 4 views

CVE-2026-24549

Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory allows Cross Site Request Forgery. This issue affects GeoDirectory: from n/a before 2.8.150...

CVSS 4.3 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/23 12:00 a.m. | 3 views

PT-2026-4393

Name of the Vulnerable Software and Affected Versions: Paolo GeoDirectory versions through 2.8.147. Description: A Cross-Site Request Forgery (CSRF) issue exists in Paolo GeoDirectory geodirectory, allowing attackers to perform actions on behalf of authenticated users. This can potentially lead to...

CVSS 4.3 | AI score 5.3 | EPSS 0.00008
Exploits: 0 | References: 4
Cvelist
added 2025/03/31 12:55 p.m. | 16 views

CVE-2025-31592 WordPress Send E-mail plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo Melchiorre Send E-mail send-e-mail allows Stored XSS. This issue affects Send E-mail: from n/a through <= 1.3...

CVSS 6.5 | EPSS 0.00174
Exploits: 0 | References: 1
NVD
added 2024/10/21 8:15 p.m. | 12 views

CVE-2022-48970

In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not have sk. [2] We must get the user_ns from th...

CVSS 5.5 | EPSS 0.0001
Exploits: 0 | References: 5
CVE
added 2024/10/21 8:05 p.m. | 99 views

CVE-2022-48970

CVE-2022-48970: In the Linux kernel, a NULL pointer dereference in af_unix handling can occur when unix_diag_get_exact() processes a netlink message because a newly allocated skb may not have skb->sk. The root cause is that unix_diag_get_exact() must obtain the user namespace from the NETLINK...

CVSS 5.5 | AI score 4.8 | EPSS 0.0001
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2024/07/12 12:20 p.m. | 17 views

CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sock_map: avoid race between sock_map_close and sk_psock_put. sk_psock_get will return NULL if the refcount of psock has gone to 0, which will happen when the last call of sk_psock_put is done. However, sk_psock_drop may not have finished ye...

EPSS 0.00004
Exploits: 0 | References: 5
Vulnrichment
added 2024/07/12 12:20 p.m. | 15 views

CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sock_map: avoid race between sock_map_close and sk_psock_put. sk_psock_get will return NULL if the refcount of psock has gone to 0, which will happen when the last call of sk_psock_put is done. However, sk_psock_drop may not have finished ye...

AI score 6.7 | EPSS 0.00004
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2024/06/25 12:38 p.m. | 2 views

Malicious code in down_load_ebook_criptovalute_by_paolo_pigna_0h9nc (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSV
added 2024/06/25 12:38 p.m. | 3 views

MAL-2024-2166 Malicious code in down_load_ebook_criptovalute_by_paolo_pigna_0h9nc (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0
Openbugbounty
added 2023/09/05 9:22 p.m. | 4 views

paolomaleddu.it Cross Site Scripting vulnerability OBB-3650633

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0
Patchstack
added 2023/07/04 12:00 a.m. | 16 views

WordPress WP-Optimize Plugin < 3.2.13 is vulnerable to Cross Site Scripting (XSS)

Software: WP-Optimize; Type: Plugin; Vulnerable versions: < 3.2.13; Fixed in: 3.2.13; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1119; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 74a58d2a57e4; Credits: Paolo Elia; Required...

CVSS 6.1 | AI score 5.6 | EPSS 0.24225
Exploits: 2 | References: 3 | Affected Software: 1
Oracle linux
added 2022/02/25 12:00 a.m. | 75 views

virt:kvm_utils security update

hivex 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 libguestfs 1.40.2-28.0.1 - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX corresponding to ol 1:1.40.2-28 -...

CVSS 8.5 | AI score 7.3 | EPSS 0.00569
Exploits: 7
0daydb
added 2020/06/27 1:06 a.m. | 379 views

LanSpy 2.0.1.159 - Stack Buffer Overflow

LanSpy version 2.0.1.159 stack buffer overflow exploit that adds a user. """ Exploit title: LanSpy v.2.0.1.159 - Stack Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec - https://voidsec.com Vendor Homepage: https://lizardsystems.com/ Download:...

CVSS 4.9 | AI score 0.8 | EPSS 0.25087
Exploits: 15
Oracle linux
added 2020/05/13 12:00 a.m. | 56 views

kernel security and bug fix update

4.18.0-193.1.22.OL8 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 4.18.0-193.1.22 - net netlabel: cope with NULL catmap Paolo Abeni 1827249...

CVSS 7 | AI score 0.2 | EPSS 0.05438
Exploits: 1