CVE-2026-57349
Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher = 2.8.17 versions...
CVE-2026-57349
CVE-2026-57349 affects the WordPress plugin WPeMatico RSS Feed Fetcher (versions
CVE-2026-13252
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...
CVE-2026-13251
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...
Changedetection.io RSS Single Watch - Cross-Site Scripting
changedetection.io 0.54.1 contains a stored XSS caused by unescaped reflection of UUID path parameter in RSS single-watch endpoint, letting remote attackers execute JavaScript in victim's browser, exploit requires victim to visit crafted URL. id: CVE-2026-27645 info: name: Changedetection.io RSS...
Cross RSS 1.7 - Local File Inclusion
Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...
WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Feedzy versions <= 5.2.1...
CVE-2026-57946
Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...
CVE-2026-57940
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed in system/admin/admin.php passes user-supplied $feed_url directly to file_get_contents without any validation. An authenticated attacker with administrative privileges can...
CVE-2026-57940
CVE-2026-57940 affects HTMLy 3.1.1 and describes an SSRF in the RSS feed import. The vulnerable code path is get_feed() in system/admin/admin.php, which passes user-supplied feed_url directly to file_get_contents() without validation. An authenticated admin can exploit this by supplying a crafted...
Oracle Linux 9 : kernel (ELSA-2026-27789)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...
Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection
Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...
RockyLinux 9 : kernel (RLSA-2026:27789)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: iavf: Fixed off-by-one issues in iavfconfigrssreg There are off-by-one bugs when configuring the RSS hash key and lookup table, causing out-of-bounds reads to memory 1 and out-of-bounds writes to device registers. Before commi...
kernel: bnxt_en: Fix RSS context delete logic
A flaw was found in the bnxt_en driver of the Linux kernel. An issue in the RSS (Receive Side Scaling) context deletion logic can lead to a leak of VNICs (Virtual Network Interface Controllers) in the firmware. This can cause subsequent attempts to create new VNICs to fail, resulting in the loss of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off are performed befor...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: A memory out-of-bounds issue was fixed in bnxtfillhwrsstbl. A recent commit modified the code in bnxtreserverings to set the default RSS indirection table to the default value only when the number of RX rings is changing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: idpf: Fixed the issue where the RSS LUT NULL pointer dereference occurred after a soft reset. During a soft reset, the RSS LUT is freed and not restored unless the interface is active. If an ethtool command that accesses the R...
ALSA-2026:27288 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: rxrpc: Fix RxGK token loading t...