551 matches found
GHSA-4FC2-H7JH-287C zebrad has mempool transaction admission denial via single-peer inbound queue saturation
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listenaddr is set, which is the default. 3. Your node's mempool is active node is synced near the chain tip. All default configurations are affected. Summary A...
CVE-2026-11823
The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...
CVE-2026-11823 BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter
The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...
CVE-2026-52969 KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...
EUVD-2026-36994
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-48882
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-40791
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-48882
CVE-2026-48882 is a SQL Injection vulnerability in WordPress Plugin WP Time Slots Booking Form (versions
EUVD-2026-36857
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-40791 WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-40791 WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...
CVE-2026-40791
CVE-2026-40791 affects the WordPress plugin WP Time Slots Booking Form (versions
PT-2026-49487
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
GHSA-FW38-PC54-JVX9 Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Summary The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Summary The account-data trie syncers leak bounded throttler slots on error paths in syncDataTrie. Each failed trie sync permanently consumes one slot from the NumGoRoutinesThrottler, and the slot is never returned unless the sync succeeds or the root hash was already present. I confirmed this on...
Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)
Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. The decompression-error path in MultiDataInterceptor.ProcessReceivedMessage now releases the global throttler slot before returning guarded defer after StartProcessing, disabled when the asynchronous goroutine takes...
WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
SQL Injection vulnerability discovered by xwii in WordPress Plugin WP Time Slots Booking Form versions = 1.2.50...
cockpit security update
310.8-1.0.1 - Fixed cockpitwst selinux issue for tmpfs Orabug: 36013589 - Move update-motd out of cockpitwst context Orabug: 36013589 - Update documentation links Orabug: 34706402 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in...