10 matches found
PT-2026-40828
Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.7 Description A logic flaw in the lockout handler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a...
CVE-2026-2020
The WordPress JS Archive List plugin (all versions up to 6.1.7) is vulnerable to PHP Object Injection via the shortcodes’ included attribute. The vulnerability arises from deserializing untrusted input, enabling authenticated attackers with Contributor-level access or higher to inject a PHP objec...
EUVD-2025-36121
Stored cross-site scripting XSS vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...
PT-2024-39951 · WordPress · Woo Manage Fraud Orders
Name of the Vulnerable Software and Affected Versions: Woo Manage Fraud Orders plugin for WordPress versions up to, and including, 6.1.7 Description: The issue is related to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. This allo...
CVE-2023-6174 Out-of-bounds Read in Wireshark
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file...
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...
PT-2023-35078 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19 through v6.1.6 Description: A memory leak issue was discovered in the msm mdss parse data bus icc path function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in...
PT-2023-34779 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7 Description: The issue concerns the removal of rcu locks from user resources in the drm/vmwgfx component. It was introduced in version v4.20 and is fixed in Linux Kernel version v6.1.7. The actual impact...
PT-2023-34770 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7 Description: A potential security issue exists due to a missing call to ssam request sync free. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v5....
PT-2023-34768 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7 Description: A NULL-deref issue was discovered in the init error path of the EFI module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prio...