382 matches found
CVE-2026-24061
creationtimestamp| type| source ---|---|--- 2026-01-21 08:01:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcw7ecrteg25 2026-01-21 09:38:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcwers7abk2t 2026-01-21 12:18:21+00:00| seen|...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004011)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004011 advisory. In the Linux kernel before 5.0.6, there is a NULL pointer dereference in dropsysctltable in fs/proc/procsysctl.c, related to putlinks, aka CID-23da9588037e. Tenable...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
CVE-2026-22597 Ghost has SSRF via External Media Inliner
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
CVE-2022-26301
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php...
CVE-2023-45806
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
CVE-2023-40662
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15...
CVE-2023-25041
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Cththemes Monolit theme = 2.0.6 versions...
EUVD-2026-0064
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
WordPress plugin WP Adminify 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2022-50690
creationtimestamp| type| source ---|---|--- 2025-12-23 09:47:19+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3manhqpl7h42e...
EUVD-2025-203058
The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress plugin WPNakama SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...
DEBIAN-CVE-2022-50673
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in listaddvalid+0x28/0x1a0 Read of size 8 at addr...
CVE-2022-50675
A vulnerability was found in the ARM64 Memory Tagging Extension MTE implementation in the Linux kernel. The PGmtetagged bit was being incorrectly set on pages that should not have MTE tags, causing conflicts with KASAN hardware tag checking. When pages are migrated, incorrect tags could be copied...
CVE-2022-50635
In the Linux kernel, the following vulnerability has been resolved: powerpc/kprobes: Fix null pointer reference in archpreparekprobe I found a null pointer reference in archpreparekprobe: echo 'p cmdlineprocshow' kprobeevents echo 'p cmdlineprocshow+16' kprobeevents Kernel attempted to read user...
CVE-2022-50648
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking directmutex in ftracemodifydirectcaller Naveen reported recursive locking of directmutex with sample ftrace-direct-modify.ko: 74.762406 WARNING: possible recursive locking detected 74.762887 6.0.0-rc...
CVE-2022-50626
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvbusbadapterinit Syzbot reports a memory leak in "dvbusbadapterinit". The leak is due to not accounting for and freeing current iteration's adapter-priv in case of an error. Currently if an err...
CVE-2025-65230
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting XSS vulnerability in the Web UI Configuration Streaming Destination input...
Malicious code in elf-stats-cocoa-train-606-pwn2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38b2f0588d3a0e33bfd993faa485a07e4cd60d4c7efb4c33ed006e9c29f20c50 The package elf-stats-cocoa-train-606-pwn2 was found to contain malicious code...