Ubigeo de Peru < 3.6.4 - SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections. id: CVE-2022-0814 info: name: Ubigeo de Peru 3.6.4 - SQL Injection author: r3Y3r53...

Jailbreaking Frontier Foundation Models through Intention Deception

Large vision-language models exhibit remarkable capability but remain highly susceptible to jailbreaking. Existing safety training approaches aim to have the model learn a refusal boundary between safe and unsafe, based on the user's intent. It has been found that this binary training regime ofte...

cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)

org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...

SUSE-SU-2026:1000-1 Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.97 fixes various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. - CVE-2023-53257: wifi: mac80211: check S1G action frame siz...

cc.chensoul.nacos:nacos-distribution (=2.5.2), com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1) +521 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=5.8.0 <=5.8.16)

org.springframework.security:spring-security-web MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =4.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-3373...

CVE-2025-69386

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realvirtualmx RVCFDI para Woocommerce rvcfdi-para-woocommerce allows Reflected XSS.This issue affects RVCFDI para Woocommerce: from n/a through = 8.1.8...

CVE-2025-69386 WordPress RVCFDI para Woocommerce plugin <= 8.1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realvirtualmx RVCFDI para Woocommerce rvcfdi-para-woocommerce allows Reflected XSS.This issue affects RVCFDI para Woocommerce: from n/a through = 8.1.8...

WordPress plugin RVCFDI para Woocommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-21167

Name of the Vulnerable Software and Affected Versions RVCFDI para Woocommerce versions through 8.1.8 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting XSS condition. This could all...

CVE-2025-15400

The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API credentials and webhook...

SUSE-SU-2026:0350-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50282: chardev: fix error handling in cdevdeviceadd bsc1249739. - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50700:...

com.digitalpebble.stormcrawler:storm-crawler-opensearch (=2.11), com.erudika:para-search-elasticsearch (>=1.41.1 <=1.41.3) +103 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch-common (>=2.10.0 <=2.19.3)

org.opensearch:opensearch-common MAVEN version =2.10.0, =1.41.1, =1.0.0-TEST, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.0.0.0, =4.0.5.2 and more Source cves: CVE-2025-9624 Source advisory: OSV:GHSA-MW3V-MMFW-3X2Ghttps://vulners.com/o...

com.erudika:para-search-elasticsearch (=1.42.0), org.codelibs.fesen.client:fesen-httpclient (>=3.0.0 <=3.2.0) +43 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch-common (>=3.0.0 <=3.2.0)

org.opensearch:opensearch-common MAVEN version =3.0.0, =3.0.0, =15.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0.0, =3.22.0, =3.0.0, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2025-9624 Source advisory: OSV:GHSA-MW3V-MMFW-3X2G...

EUVD-2009-3507

Malware in sbrugna...

EUVD-2024-20166

Malicious code in bioql PyPI...

EUVD-2025-27002

Malicious code in bioql PyPI...

EUVD-2022-4776

Malicious code in bioql PyPI...

EUVD-2024-45407

Malicious code in bioql PyPI...

kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, &para1', which reads 5 bytes: void rtwfwbtwificontrolstruct...

kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, &para1', which reads 5 bytes: void rtwfwbtwificontrolstruct...