320 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: clk: qcom: ipq8074: Fixed the PCI-E clock-related errors. Fixed kernel errors related to the PCI-E clock that are caused by a missing clock parent. pcie0rchngclksrc has numparents set to 2, but only one parent is actually set...
CVE-2026-0556
The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xoeventfield' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-0556 XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode
The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xoeventfield' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-0556
CVE-2026-0556 concerns the XO Event Calendar WordPress plugin (versions
WordPress XO Event Calendar plugin <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'xoeventfield' shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin XO Event Calendar versions = 3.2.10...
PT-2026-20626
The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo event field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2017-18541
The xo-security plugin before 1.5.3 for WordPress has XSS...
CVE-2025-52538
Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability...
CVE-2025-0005
AMD XOCL driver (OpenCL) within the AMD XRT framework is affected by CVE-2025-0005 due to improper input validation, enabling a local overflow that can crash the system or cause a denial of service. Root cause: input validation flaw in XOCL. Impact: local attacker could trigger crash/DoS with low...
EUVD-2025-175463
Malicious code in xo-sequelize-thermochronology-resonance npm...
Malicious code in xo-morgan-css-loader-prompts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df18935c38976d8952bf589369f1a0e87fbdb16e09e484594e5e302fd8d55ee6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177406
Malicious code in orogeny-algol-kastra-xo npm...
EUVD-2025-177273
Malicious code in pegasus-xo-charon-karma npm...
EUVD-2025-175464
Malicious code in xo-quasarjet-publish-npm npm...
EUVD-2025-178988
Malicious code in exec-zephyr-xo-izar npm...
EUVD-2025-178527
Malicious code in hexo-publish-hexo-xo npm...
EUVD-2025-175473
Malicious code in xo-csrf-radiant-halley npm...
Malicious code in mui-auth-betelgeuse-xo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0b2fd7a8c638947ae3bfc4c81fb4a2b89e7cee50538831189f80aab8974dcde This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180074
Malicious code in biogeochemistry-multiverse-xo-regulus npm...
EUVD-2025-177265
Malicious code in perseus-astrobiology-xo-postgres npm...