547 matches found
EUVD-2026-36994
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-48882
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-40791
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
EUVD-2026-36857
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-48882
CVE-2026-48882 is a SQL Injection vulnerability in WordPress Plugin WP Time Slots Booking Form (versions
CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-40791 WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-40791 WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-40791
CVE-2026-40791 affects the WordPress plugin WP Time Slots Booking Form (versions
PT-2026-49487
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
GHSA-FW38-PC54-JVX9 Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Summary The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Summary The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)
Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. The decompression-error path in MultiDataInterceptor.ProcessReceivedMessage now releases the global throttler slot before returning guarded defer after StartProcessing, disabled when the asynchronous goroutine takes...
WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
SQL Injection vulnerability discovered by xwii in WordPress Plugin WP Time Slots Booking Form versions = 1.2.50...
WordPress plugin Timetable and Event Schedule by MotoPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
cockpit security update
310.8-1.0.1 - Fixed cockpitwst selinux issue for tmpfs Orabug: 36013589 - Move update-motd out of cockpitwst context Orabug: 36013589 - Update documentation links Orabug: 34706402 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in...
PT-2026-43676
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the SLIP Serial Line IP implementation where the slhc init function allows a configuration with rslots set to 0, indicating no receive compression. In this state, the...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared The MMU context should be immediately reset when the SMM flag of the vCPU is cleared, so that the SMM flag in the MMU context is always synchronized with th...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021538)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021538 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre...