1841 matches found
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar vulnerability
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Progress Bar vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in...
Linux Distros Unpatched Vulnerability : CVE-2026-23460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four...
SUSE CVE-2026-23460
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...
UBUNTU-CVE-2026-23460
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...
CVE-2026-23460
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...
CVE-2026-23460
CVE-2026-23460 (Linux kernel) affects the Rose (net/rose) path. The bug occurs when a second connect() is issued while a first connect is in progress (state TCP_SYN_SENT); rose_get_neigh() may return NULL, leaving rose->state ROSE_STATE_1 with neighbour NULL, and on socket close rose_transmit_...
PT-2026-30154
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw in the net/rose component where a NULL pointer dereference could occur in the rose transmit link function during a reconnect attempt. This issue arose...
CVE-2026-2737
A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...
CVE-2026-2737
A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...
CVE-2026-2737
CVE-2026-2737 affects Progress Flowmon before versions 12.5.8 and 13.0.6. An administrator who clicks a malicious link within an authenticated Flowmon web session may trigger unintended actions. The available sources describe the affected product versions and the login-session impact but do not s...
CVE-2026-2737 Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application
A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...
CVE-2026-3692 Unintended command execution during report generation in Progress Flowmon
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server...
CVE-2026-3692
Progress Flowmon
CVE-2026-2701 RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution...
CVE-2026-2701
Progress ShareFile Storage Zones Controller (SZC) is affected by CVE-2026-2701: authenticated users can upload a file that is then executed on the server, enabling remote code execution. The issue is tied to the SZC component and is documented across multiple sources as an RCE risk. Remediation i...
CVE-2026-2701 RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution...
CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers...
Progress ShareFile Storage Zones Controller 代码问题漏洞
Progress ShareFile Storage Zones Controller is a file storage zone management control component developed by the American company Progress. There is a code vulnerability in Progress ShareFile Storage Zones Controller. This vulnerability stems from the fact that authenticated users can upload...
Progress Flowmon 跨站脚本漏洞
Progress Flowmon is a real-time network traffic monitoring tool developed by Progress Corporation. Versions of Progress Flowmon prior to 12.5.8 and 13.0.6 contained a cross-site scripting vulnerability. This vulnerability could lead to unexpected operations when administrators clicked on maliciou...