144477 matches found
EUVD-2026-43602
In OpENer 2.3.0 commit 76b95cf when parsing incoming CIP Common Industrial Protocol network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 a 16-bit signe...
EUVD-2026-43553
A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...
CVE-2026-15619 mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery
A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...
ALSA-2026:39494 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: crypto: ccp - copy IV using skcipher ivsize CVE-2026-53016 kernel: XFS data corruption using reflink Bug Fixes and Enhancements: Exploits KEV kernel: XFS data corruption using reflink...
Adobe Premiere Pro < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-76)
The version of Adobe Premiere Pro installed on the remote Windows host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-76 advisory. - Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Securi...
openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:21313-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21313-1 advisory. Changes in python-Django: - CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response bsc1271029 - CVE-2026-53877: Heap...
CVE-2026-58409 ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload
ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...
SUSE-SU-2026:2923-1 Security update for gnutls
This update for gnutls fixes the following issues - CVE-2026-3833: incorrectly accepted domain names due to comparison during name constraints processing being case-sensitive bsc1263707. - CVE-2026-5260: heap overread when processing extremely short premaster secret as part of an RSA key exchange...
kernel: eventpoll: defer struct eventpoll free to RCU grace period
A flaw was found in the Linux kernel's eventpoll component. In certain situations, the epfree function in eventpoll.c can prematurely free the eventpoll data structure while it is still being used by another concurrent thread. This use-after-free UAF vulnerability could allow a local attacker to...
CVE-2026-9824
creationtimestamp| type| source ---|---|--- 2026-07-13 13:19:51+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjrszmrjk2s 2026-07-13 14:03:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjuaxgcny27 2026-07-13 18:19:38+00:00| seen|...
SUSE-SU-2026:2899-1 Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes various security issues The following security issues were fixed: - CVE-2025-71089: iommu: disable SVA when CONFIGX86 is set bsc1256615. - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. -...
SUSE-SU-2026:2895-1 Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...
CVE-2026-40468
The CVE-2026-40468 entry concerns gawk (versions 5.4.0 and earlier) with an integer overflow in the builtin.c file. The flaw can cause memory exhaustion and may enable overwriting heap metadata and objects with attacker-controlled bytes. This is described across multiple feeds (NVD/NIST entry and...
CVE-2026-15533
creationtimestamp| type| source ---|---|--- 2026-07-13 06:42:05+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj3lqyfhk2y...
Important: Red Hat Security Advisory: xorg-x11-server security update
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
EUVD-2026-43277
A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...
EUVD-2026-43276
A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. Th...
MINI-R874-7C63-V8GP
Bulletin has no description...
CVE-2026-15529 yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization
A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix thi...
MINI-Q7MM-GWCH-GF95
Bulletin has no description...