| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. |
| Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. |
| Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption. |
| Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. |
| Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. |
| In the Linux kernel, the following vulnerability has been resolved:
net/sched: fix pedit partial COW leading to page cache corruption
tcf_pedit_act() computes the COW range for skb_ensure_writable()
once before the key loop using tcfp_off_max_hint, but the hint does
not account for the runtime header offset added by typed keys. This
can leave part of the write region un-COW'd.
Fix by moving skb_ensure_writable() inside the per-key loop where
the actual write offset is known, and add overflow checking on the
offset arithmetic. For negative offsets (e.g. Ethernet header edits
at ingress), use skb_cow() to COW the headroom instead. Guard
offset_valid() against INT_MIN, where negation is undefined. |
| NPM package next-npm-version1.0.1 is vulnerable to Command injection. |
| Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. |
| Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. |
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. |
| Subscriber Broken Access Control in myCred <= 3.0.3 versions. |
| Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions. |
| Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions. |
| Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions. |
| Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions. |
