4.7
CVE-2025-71111 - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use (β¦
7.8
CVE-2025-71143 - clk: samsung: exynos-clkout: Assign .num before accessing .hws
In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which iβ¦
5.4
CVE-2025-63644 -
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.
10
CVE-2026-22686 - Sandbox Escape via Host Error Prototype Chain in enclave-vm
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclβ¦
8.8
CVE-2023-54333 - Social-Share-Buttons 2.2.3 - SQL Injection via project_id Parameter
Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entireβ¦
5.1
CVE-2023-54332 - Jetpack 11.4 - Cross Site Scripting (XSS)
Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact withβ¦
5.1
CVE-2023-53985 - Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)
Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victimβ¦
5.1
CVE-2022-50896 - Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context.
7.1
CVE-2022-50894 - VIAVIWEB Wallpaper Admin 1.0 SQL Injection via edit_gallery_image.php
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database infoβ¦
9.3
CVE-2022-50893 - VIAVIWEB Wallpaper Admin 1.0 - Code Execution via Image Upload
VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the add_gallery_image.php endpoint to execute arbitrary code on the server.