318 matches found
CVE-2022-50539
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug. In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore...
EUVD-2025-32702
The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled (default). This makes it possible for unauthenticated attackers to extract sensitive license key and site data...
WordPress plugin WP Reset Log Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A log...
Unity Linux 20.1070e Security Update: skopeo (UTSA-2025-985018)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-985018 advisory. Go JOSE provides an implementation of the JavaScript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web...
EUVD-2025-29203
Malicious code in bioql PyPI...
EUVD-2024-54978
Malicious code in bioql PyPI...
EUVD-2025-28553
Malicious code in bioql PyPI...
EUVD-2025-32286
Malicious code in bioql PyPI...
CVE-2025-10311
The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated attackers to modify...
MyClub Security Vulnerability
MyClub is club management software by the individual developer jibux. A security vulnerability exists in MyClub version 0.5, which stems from insufficient sanitization of query parameter inputs and could lead to an SQL injection attack...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the API. An attacker can perform unauthorized actions, such as creating and starting arbitrary instances or executing arbitrary commands inside containers, by tricking a victim authenticated with clien...
WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Subscription Forms PRO versions <= 2.0.5...
CVE-2025-60160
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sharkthemes Smart Related Products ai-related-products allows Stored XSS. This issue affects Smart Related Products: from n/a through <= 2.0.8...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation via the process handling incoming requests. An attacker can cause the service to become unresponsive by sending specially crafted input. Remediation: Upgrade org.apache.iotdb:iotdb-core to version 2.0.5 or highe...
CVE-2025-48459
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue...
Linux Distros Unpatched Vulnerability : CVE-2019-16688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. This stored X...
Linux Distros Unpatched Vulnerability : CVE-2019-16687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the Create/modify other users, groups and permissions privilege...
Linux Distros Unpatched Vulnerability : CVE-2019-16685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the Create/modify other users, groups and permissions...
CVE-2025-41055
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...
CVE-2025-41044
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...