CVE-2026-6427

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

PT-2026-44198

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filter videos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

MiracleLinux 7 : php-5.4.16-48.0.11.el7.AXS7 (AXSA:2025-10916:10)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10916:10 advisory. CVE-2017-9224: fix out-of-bounds read of a stack in matchat function CVE-2017-9226: fix out-of-bounds write or read of a heap in nextstateval...

PT-2016-2961 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 23.0.0.207 and earlier Adobe Flash Player versions 11.2.202.644 and earlier Description: The issue is caused by a buffer boundary violation in the RegExp class of the Flash Player platform. It may allow a remote...