21 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the...
UBUNTU-CVE-2026-40034
gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...
CVE-2026-40034
gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands vi...
CVE-2026-40034
gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...
gitoxide Security Vulnerability
GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.82.0 contained a security vulnerability, which stemmed from improper validation of the update field in .gitmodules. This vulnerability could allow attackers to bypass the...
PT-2026-43251
gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands vi...
CVE-2026-3642
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks (current_user_can) or nonce verification (check_ajax_referer/wp_verify_nonce). The function is...
CVE-2026-24689
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action...
CVE-2025-14937
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontend_admin/forms/update_field' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14937 Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field'
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontend_admin/forms/update_field' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14937
CVE-2025-14937 : Frontend Admin by DynamiApps for WordPress is vulnerable to unauthenticated stored XSS via the acff parameter in the AJAX action frontend_admin/forms/update_field. Affected versions are all up to and including 3.28.23 due to insufficient input sanitization and output escaping. Wo...
EUVD-2012-6547
Malware in sbrugna...
CVE-2012-6705
Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field...
Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1968 Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability August 13, 2024 CVE Number CVE-2024-38062 SUMMARY An out-of-bounds read vulnerability exists in the License Update Field Type 0xC9 functionality of Microsoft...
Microsoft Windows CLIPSP.SYS License Update Field Type 0xD3 out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1970 Microsoft Windows CLIPSP.SYS License Update Field Type 0xD3 out-of-bounds read vulnerability August 13, 2024 CVE Number None SUMMARY An out-of-bounds read vulnerability exists in the License Update Field Type 0xD3 functionality of Microsoft Windows...
PT-2024-24349 · Npm · @Festify/Secure-Session
Name of the Vulnerable Software and Affected Versions: @festify/secure-session versions prior to 7.3.0 Description: The issue exists in the session removal process of @festify/secure-session. When a session is deleted, it is marked for deletion, but if an attacker gains access to the cookie, they...
CVE-2022-23387
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field...
Taocms SQL Injection Vulnerability
Taocms is a micro Cms Content Management System in China. A SQL injection vulnerability exists in Taocms version 3.0.2, which originates from a lack of validation of externally entered SQL statements in the Comment Update field. An attacker can exploit this vulnerability to execute illegal SQL...
CVE-2020-11036
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "alert1" reproduces the attack. This can be exploited by a user with administrator privileges i...
Jamroom Cross-Site Scripting Vulnerability
Jamroom is a social media content management system. The system helps build social networks, content communities, blogs and more. A cross-site scripting vulnerability exists in versions of Jamroom prior to 4.2.7. A remote attacker can exploit this vulnerability to inject arbitrary web script or...