1920 matches found
YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'queryString' parameter in the REST API endpoint /ywcas/v1/register in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. id: CVE-2024-4455 info...
PYSEC-2026-1494 Kinto Attachment's attachments can be replaced on read-only records
Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...
PT-2026-54699
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs whe...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION: cryptography is a package...
PT-2026-50606
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...
Important: kernel-livepatch-6.1.168-202.320
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.1.168-202.320 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
PT-2026-42410
Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.2.2 Description The DHCAST128 UAM User Authentication Module uses a broken cryptographic algorithm. This allows a remote attacker to perform a cryptanalytic attack to obtain authentication credentials or...
PT-2026-42425
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.0 through 4.4.2 Description An integer underflow occurs in the volxlate function. This allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption by providing...
ISC BIND 9.11.0 < 9.18.49 / 9.11.3-S1 < 9.18.49-S1 / 9.18.0 < 9.18.49 / 9.18.11-S1 < 9.18.49-S1 / 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Assertion Failure (cve-2026-5946)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5946 advisory. - Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN for...
PT-2026-41151
Name of the Vulnerable Software and Affected Versions go-billy versions prior to 5.9.0 Description Multiple path traversal issues exist across different components of the software due to insufficient path sanitization and boundary enforcement. This allows crafted paths, such as those using .., to...
Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data
Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION...
PT-2026-40439
Name of the Vulnerable Software and Affected Versions DNS Cluster affected versions not specified Description SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...
Siemens Ruggedcom Rox
SUMMARY Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...
Siemens Ruggedcom Rox
SUMMARY Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected...
Low: atop
Issue Overview: atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. CVE-2025-31160 Affected Packages: atop...
Oracle Linux 10 : python-tornado (ELSA-2026-13641)
The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-13641 advisory. 6.5.5-1.1 - Update to 6.5.5 Resolves: RHEL-160934 Tenable has extracted the preceding description block directly from the Oracle Linux security...
PT-2026-37147
Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description Several administrative operations within the preferences module are executed via GET requests without CSRF token validation. This allows an attacker to force an authenticated administrator to trigger...
Debian dla-4525 : libyaml-syck-perl - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4525 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4525-1 [email protected]...
PT-2026-33509
Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description An open source RDP server contains a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation. This occurs due to insufficient validation of client-controlled size...
Siemens SCALANCE
SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...