23 matches found

Positive Technologies
added 2026/03/21 12:0 a.m. · 4 views

PT-2026-26802

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchat update auth ajax' and 'atomchat update layout ajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

5.3 CVSS · 5.8 AI score · 0.00285 EPSS
Exploits 0 · References 4
Redos
added 2026/03/13 12:0 a.m. · 6 views

ROS-20260313-73-0005

A vulnerability in the pnfs_update_layout function of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

4.7 CVSS · 7.3 AI score · 0.00115 EPSS
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-13038

Malware in sbrugna...

6.1 CVSS · 6.2 AI score · 0.05273 EPSS
Exploits 4 · References 4
SUSE CVE
added 2025/07/28 11:23 p.m. · 2 views

SUSE CVE-2025-38393

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN. We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout, however the pnfs_layout_hdr's...

4.7 CVSS · 6.4 AI score · 0.00115 EPSS
Exploits 0 · References 22
OSV
added 2024/03/06 10:57 a.m. · 17 views

BIT-MAGENTO-2021-36023 Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution

Magento Commerce versions 2.4.2 and earlier, 2.4.2 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

9.1 CVSS · 7.6 AI score · 0.02292 EPSS
Exploits 0 · References 2
OSV
added 2023/09/06 3:30 p.m. · 3 views

GHSA-8CJG-F53M-8M9Q Magento XML Injection vulnerability in the Widgets Update Layout

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

9.1 CVSS · 8.2 AI score · 0.02292 EPSS
Exploits 0 · References 3
Github Security Blog
added 2023/09/06 3:30 p.m. · 10 views

Magento XML Injection vulnerability in the Widgets Update Layout

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

9.1 CVSS · 7.5 AI score · 0.02292 EPSS
Exploits 0 · References 3 · Affected Software 2
Prion
added 2023/09/06 2:15 p.m. · 20 views

Input validation

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

5.8 CVSS · 7.7 AI score · 0.02292 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/06/07 2:15 a.m. · 3 views

CVE-2020-36711

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the updatelayout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web...

5.4 CVSS · 5.9 AI score · 0.00648 EPSS
Exploits 1 · References 3
CNNVD
added 2023/06/07 12:0 a.m. · 3 views

WordPress theme Avada cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Avada version 6.2.3 and prior versions...

6.4 CVSS · 5.4 AI score · 0.00648 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/06/07 12:0 a.m. · 4 views

PT-2023-11853 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to and including 6.2.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the update layout function. This allows attackers with...

6.4 CVSS · 5.2 AI score · 0.00648 EPSS
Exploits 1 · References 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 3 views

kernel: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN. We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout, however the pnfs_layout_hdr's...

4.7 CVSS · 6.2 AI score · 0.00115 EPSS
Exploits 0 · References 5
OSV
added 2022/05/24 7:12 p.m. · 3 views

GHSA-3X9X-VHQJ-CV27 Magento XML Injection vulnerability in the Widgets Update Layout

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

7.2 CVSS · 8.2 AI score · 0.0333 EPSS
Exploits 0 · References 3
Github Security Blog
added 2022/05/24 7:12 p.m. · 5 views

Magento XML Injection vulnerability in the Widgets Update Layout

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

9.1 CVSS · 8.2 AI score · 0.0333 EPSS
Exploits 0 · References 3 · Affected Software 2
OSV
added 2021/09/01 3:15 p.m. · 19 views

CVE-2021-36022

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

7.2 CVSS · 7.8 AI score
Exploits 0 · References 1
Prion
added 2021/09/01 3:15 p.m. · 24 views

Input validation

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

6.5 CVSS · 7.7 AI score · 0.0333 EPSS
Exploits 0 · References 1 · Affected Software 2
CVE
added 2021/09/01 2:28 p.m. · 116 views

CVE-2021-36022

Magento Commerce is affected by an XML Injection vulnerability in the Widgets Update Layout across versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier). The underlying issue allows an attacker with admin privileges to trigger a crafted script that achieves remote code exe...

9.1 CVSS · 7.7 AI score · 0.0333 EPSS
Exploits 0 · References 1 · Affected Software 2
Positive Technologies
added 2021/08/11 12:0 a.m. · 5 views

PT-2021-6363 · Adobe · Magento Commerce

Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 2.4.2 and earlier Magento Commerce versions 2.4.2-p1 and earlier Magento Commerce versions 2.3.7 and earlier Description: The issue is related to an XML Injection vulnerability in the Widgets Update Layout. An attack...

9.1 CVSS · 7.5 AI score · 0.02292 EPSS
Exploits 0 · References 7
Positive Technologies
added 2021/08/11 12:0 a.m. · 7 views

PT-2021-6352 · Adobe · Magento Commerce

Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier Magento Commerce version 2.3.7 and earlier Description: The issue is related to an XML Injection vulnerability in the Widgets Update Layout of Magento Commerce. This...

9.1 CVSS · 7.1 AI score · 0.0333 EPSS
Exploits 0 · References 6
OSV
added 2018/12/26 6:29 p.m. · 3 views

CVE-2018-20484

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation...

6.1 CVSS · 5.8 AI score · 0.05273 EPSS
Exploits 4 · References 2