1199 matches found
Users Ultra <= 3.1.0 - SQL Injection
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...
Malicious code in chalk-ultra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a219b45c3fdcdb883eeb2c7e74d20060af2c788865e7925f911e40276dcd631 chalk-ultra is published under a name that mimics the widely-used chalk package, but its main is a verbatim copy of nodemailer source and its...
Astra Linux – Vulnerability in Intel Microcode
The sequence of processor instructions in IntelR CoreTM Ultra Processors may lead to unexpected behaviors. This could potentially allow an authenticated user to enable denial of service through local access...
EUVD-2026-36970
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
CVE-2026-39594
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
CVE-2026-39594 WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
CVE-2026-39594
CVE-2026-39594 affects the WordPress plugin Ultra Addons for WPForms (versions
PT-2026-49405
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
Unbreakable Enterprise kernel security update
6.12.0-203.76.7.3 - arm64: errata: Mitigate TLBI errata on various Arm CPUs Mark Rutland Orabug: 39017589 CVE-2025-10263 - arm64: tlb: Add ARM64WORKAROUNDREPEATTLBISYNC Mark Rutland Orabug: 39017589 - arm64: tlb: allow XZR argument to TLBI ops Mark Rutland Orabug: 39017589 - arm64: cputype: Add...
Unbreakable Enterprise kernel security update
5.15.0-321.202.5.1 - arm64: errata: Mitigate TLBI errata on various Arm CPUs Mark Rutland Orabug: 39017590 CVE-2025-10263 - arm64: tlb: Add ARM64WORKAROUNDREPEATTLBISYNC Mark Rutland Orabug: 39017590 - ARM: uek: Disable CONFIGNVIDIACARMELCNPERRATUM Boris Ostrovsky Orabug: 39017590 - arm64: tlb:...
OESA-2026-2255 libvncserver security update
libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: microcode_ctl (UTSA-2026-015078)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015078 advisory. Incorrect initialization of resource in the branch prediction unit for some IntelR Core Ultra Processors may allow an authenticated user to potentially enable...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011364 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC The referenced commit...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011214)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011214 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC III Anthony Yznaga track...
WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by CidKagenouSama in WordPress Plugin Ultra Addons for WPForms versions = 1.0.11...
CVE-2026-22523
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through = 11.7...
EUVD-2026-15536
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through = 11.7...
CVE-2026-22523
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through = 11.7...
CVE-2026-22523
CVE-2026-22523 is a reflected cross-site scripting (XSS) vulnerability in the themepassion Ultra WordPress Admin (ultra-admin) plugin for WordPress, affecting versions n/a through 11.7. The root cause is improper neutralization of input during web page generation. The connected Red Hat and EUVD r...
CVE-2026-22523 WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through = 11.7...