5093 matches found
SUSE SLES15 Security Update : kernel (Live Patch 58 for SLE 15 SP3) (SUSE-SU-2025:02832-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02832-1 advisory. This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: cor...
WordPress FunnelKit Automations plugin <= 3.6.3 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin FunnelKit Automations versions = 3.6.3...
WordPress Essential Doo Components for Visual Composer plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Essential Doo Components for Visual Composer versions = 1.9...
Linux Distros Unpatched Vulnerability : CVE-2019-9511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The...
Security update for the Linux Kernel (Live Patch 58 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350. CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID bsc1247351...
WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Custom Comment versions = 2.1.6...
WordPress Pending Order Bot plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Pending Order Bot versions = 1.0.2...
WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie vulnerability
Directory Traversal via wpcf7guestuserid Cookie vulnerability discovered by Thien Tran in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.0...
WordPress Advanced iFrame plugin <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Advanced iFrame versions = 2025.6...
WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Carousel button link vulnerability discovered by dayea song in WordPress Plugin Anber Elementor Addon versions = 1.0.1...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Cross Site Scripting (XSS)
Software Soledad Type Theme Vulnerable versions = 8.6.7 Fixed in 8.6.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-8143 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2b64551fa293 Credits stealthcopter Required privilege...
WordPress StoryChief plugin <= 1.0.42 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin StoryChief versions = 1.0.42...
WordPress elink – Embed Content plugin <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation vulnerability
Authenticated Contributor+ Insufficient Input Validation vulnerability discovered by Shreyas Malhotra shreyas-malhotra in WordPress Plugin elink Embed Content versions = 1.1.0...
Linux Distros Unpatched Vulnerability : CVE-2025-38104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion...
WordPress EventON Lite plugin <= 2.4.6 - Authenticated (Contributor+) Information Disclosure vulnerability
Authenticated Contributor+ Information Disclosure vulnerability discovered by Takihana Shota in WordPress Plugin EventON versions = 2.4.6...
WordPress BizCalendar Web plugin <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by muhammad yudha in WordPress Plugin bizcalendar-web versions = 1.1.0.53...
WordPress Graphina plugin <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Graphina versions = 3.1.3...
WordPress 12 Step Meeting List Plugin <= 3.18.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin 12 Step Meeting List versions = 3.18.3...
WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Bao BlueRock in WordPress Plugin CM On Demand Search And Replace versions = 1.5.2...
WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Embedder for Google Reviews versions = 1.7.3...