Skip to main content
CVE-2023-53590 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop With this refcnt added in sctp_stream_priorities, we don't need to traverse all streams to check if the prio is...

Buffer Overflow Linux Red Hat Suse Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-53580 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's...

Information Disclosure Linux Red Hat Suse Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-53549 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting large number of elements in one step in ipset, it can take a reasonable amount of...

Information Disclosure Linux Red Hat Suse Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-53584 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process There are two states for ubifs writing pages: 1.

Denial Of Service Linux Red Hat Suse Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-9030 MEDIUM This Month

The Majestic Before After Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_label' and 'after_label' parameters in versions less than, or equal to, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS WordPress PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-8726 MEDIUM This Month

The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppa_user_upload function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in the photo album descriptions that execute in a victim's browser.

XSS WordPress PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-11228 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to associate any donation forms with any campaign.

Authentication Bypass WordPress Givewp PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-53586 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUN_RESET handling This fixes a bug where an initiator thinks a LUN_RESET has cleaned up running commands when it hasn't.

Information Disclosure Linux Red Hat Suse Linux Kernel
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53615 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption.

Denial Of Service Race Condition Linux Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53614 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mm_struct teardown exit_mmap() will tear down the VMAs and maple tree with the mmap_lock held in write mode.

Race Condition Information Disclosure Linux Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-53581 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOT_READY flag state after locking Currently the check for NOT_READY flag is performed before obtaining the necessary lock.

Denial Of Service Race Condition Linux Canonical Red Hat +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-9029 MEDIUM This Month

A security vulnerability in Widget Builder (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-9886 MEDIUM This Month

The Trinity Audio - Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.20.2. This is due to missing or incorrect nonce validation in the '/admin/inc/post-management.php' file. This makes it possible for unauthenticated attackers to activate/deactivate posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PHP CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy