ROOT-OS-UBUNTU-2404-CVE-2025-21820 CVE-2025-21820 in rootio-linux - Patched by Root
Root has patched CVE-2025-21820 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
EUVD-2026-39770
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard = 1.4 versions...
EUVD-2026-39672
Unauthenticated SQL Injection in wpDataTables = 7.4 versions...
CVE-2025-10268 Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...
CVE-2026-42389
CVE-2026-42389 is fixed in the 5.4.x branch by adding extra hardening through enhanced validation of incoming answers from authoritative servers (no exploitation details are provided in the documents).
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range multiple times in a single HTTP request, causing the server to use large amounts of memory. This does not resul...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
In doProlog, within xmlparse.c of the Expat library, also known as libexpat, there is an integer overflow issue related to m_groupSize before version 2.4.3...
Astra Linux – Vulnerability in ruby-rails-html-sanitizer
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
Astra Linux – Vulnerability in ffmpeg
In FFmpeg 4.4, the file libavcodec/dnxhddec.c does not check the return value of the init_vlc function. This is a similar issue to CVE-2013-0868...
CVE-2026-56024 WordPress WP EasyPay plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.4.0...
CVE-2026-40754
Unauthenticated PHP Object Injection in Roisin = 1.4 versions...
CVE-2026-39522
Unauthenticated Local File Inclusion in Solene = 3.4 versions...
CVE-2026-27410
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
CVE-2026-40765
The CVE-2026-40765 entry details an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress collectchat plugin versions
CVE-2026-39522
CVE-2026-39522: WordPress Solene theme
BIT-MARIADB-MIN-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...
CVE-2026-52714 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions...
PT-2026-50096
Unauthenticated Local File Inclusion in Solene = 3.4 versions...
EUVD-2026-36971
Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...
CVE-2026-48878
Subscriber Sensitive Data Exposure in Visual Link Preview = 2.4.1 versions...