712 matches found
CVE-2026-14896
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
CVE-2026-14896
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature, potentially allowing an operator with host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. Root cau...
EUVD-2026-42392
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
Nomad vulnerable to cross-namespace host volume claim deletion
Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...
GHSA-MP2F-45PM-3CG9 Decompress: Archive extraction can create files and links outside of the target directory
Impact When extracting an archive to a directory, a crafted archive can read or write files outside that directory. The flaw is in the code that writes the parsed entries, so it affects every format decompress handles: tar, tar.gz, tar.bz2, and zip by default, plus any others added through the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-af: Workarounds for stalls caused by disabling sticky operations. It is known that the sticky mode of the NIX SQ manager can cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE ma...
CVE-2026-6397
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...
Astra Linux – Vulnerability in Containerd
Containerd is a container runtime. A bug was discovered in containerd versions prior to 1.4.8 and 1.5.4, where pulling and extracting a specially crafted container image could result in changes to Unix file permissions for existing files in the host’s filesystem. Changes to file permissions could...
CVE-2026-6397
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...
EUVD-2026-31017
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...
CVE-2026-6397
The WordPress Sticky plugin is affected up to version 2.5.6. In cvmh_sticky_front_render(), the readmoretext attribute from the cvmh-sticky shortcode is passed through apply_filters() and directly concatenated into HTML without escaping, enabling Stored Cross-Site Scripting. Exploitation requires...
CVE-2026-6397
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...
CVE-2026-6397 Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...
CVE-2026-6397 Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...
WordPress plugin Sticky 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
@142vip/fairy-cli (>=0.0.3-alpha.19 <=0.0.3-alpha.28), @better-builds/turbo-tools (>=6.0.0 <=7.4.4-beta.2) +14 more potentially affected by CVE-2026-45772 via turbo (>=1.3.1 <=2.9.12)
turbo NPM version =1.3.1, =0.0.3-alpha.19, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =3.0.1, =0.0.0-20220725115922, =0.0.234, =0.3.0, =1.5.1, =0.3.2, =0.5.0, =1.1.0, =1.4.1 - incmix-ui-components =0.0.1 and more Source cves: CVE-2026-45772 Source advisory: OSV:GHSA-3QCW-2RHX-2726...
WordPress Sticky plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Sticky versions = 2.5.6...
CVE-2021-47972
Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and mak...
CVE-2021-47973
Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger ...