53 matches found
CVE-2026-8073
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data packet sent over TCP. The...
Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7...
EUVD-2020-10382
Malware in sbrugna...
EUVD-2021-23495
Malware in sbrugna...
EUVD-2022-24382
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-2703
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.28 and...
CVE-2023-50294
The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...
CVE-2022-1033
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6...
PYSEC-2024-86
Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedl...
MongoDB DoS Vulnerability (SERVER-75601) - Linux
MongoDB is prone to a denial of service (DoS) vulnerability.
Spring Framework Security Vulnerability
Spring Framework is an open source Java and Java EE application framework from the Spring team in the U.S. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework versions 6.0.0 through 6.0.6 and 5.3.0 through 5.3.25, which stems from a schem...
SUSE CVE-2019-2690
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.28 and prior to 6.0.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualB...
GSD-2022-1006694 net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe()
net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.6 by commit...
PT-2022-34958 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: The issue concerns a fix for writes in a read-only memory region in the cpufreq qcom driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2022-34959 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: The issue concerns the use of both GFP_KERNEL and GFP_ATOMIC in the convert_context function within the selinux module. The actual impact and potential for attack have not been proven yet...
PT-2022-34933 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: The issue is related to a null pointer access problem when the sfb_init function fails. This problem was introduced in version v2.6.39 and is fixed in version v6.0.6. Recommendations: For Lin...
PT-2022-34931 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: A race condition exists in the qdisc_graft function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.6, update to...
PT-2022-9184 · IBM · IBM Jazz Team Server
Name of the Vulnerable Software and Affected Versions: IBM Jazz Team Server versions 6.0.6 through 7.0.2 Description: The issue is caused by the failure to set the HTTPOnly flag, allowing a remote attacker to obtain sensitive information from the cookie. A remote attacker could exploit this to...
Security Updates for Microsoft .NET Core (June 2022)
An information disclosure vulnerability exists in .NET Core 6.0 < 6.0.6 and .NET Core 3.1 < 3.1.26. An unauthenticated, local attacker can exploit this to disclose potentially sensitive information. Note that Nessus has not tested for this issue but has instead relied only on the application's...