CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

EUVD-2026-33881

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

CVE-2026-8206

The Kirki plugin for WordPress (Kirki – Freeform Page Builder, Website Builder & Customizer) versions 6.0.0–6.0.6 contain an unauthenticated privilege-escalation flaw in the password-reset flow. When a username is provided, the code ignores the target user’s email and uses the email supplied in t...

CVE-2026-8206 Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

CVE-2026-8073

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

OPENSUSE-SU-2026:10623-1 strongswan-6.0.6-1.1 on GA media

These are all security issues fixed in the strongswan-6.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

Kamailio 缓冲区错误漏洞

Kamailio is an open-source implementation of a SIP signaling server developed by Kamailio. Versions of Kamailio prior to 6.1.1, 6.0.6, and 5.8.8 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds access, which could lead to denial of service attacks...

PT-2026-31442

Name of the Vulnerable Software and Affected Versions Kamailio versions prior to 6.1.1, prior to 6.0.6, and prior to 5.8.8 Description Kamailio, an open source SIP Signaling Server, contains a flaw where a specially crafted data packet sent over TCP can lead to a denial of service process crash...

Cal.com 安全漏洞

Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions 3.1.6 through prior to 6.0.7, which stems from a flaw in the custom NextAuth JWT callback that could allow an attacker to gain full authentication access to any user account...

CVE-2019-2722

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVE-2025-66554 Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked ...

UBUNTU-CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

CVE-2025-64507 Incus vulnerable to local privilege escalation through custom storage volumes

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth OAuth2 & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth OAuth2 & OpenID Connect: from 6.0.0 before 6.0.7...

PT-2025-44362

Name of the Vulnerable Software and Affected Versions Drupal Simple OAuth OAuth2 & OpenID Connect versions 6.0.0 through 6.0.6 Description A flaw exists in Simple OAuth OAuth2 & OpenID Connect that permits authentication bypass. This issue allows bypassing normal authentication mechanisms through...

EUVD-2020-10382

Malware in sbrugna...

EUVD-2021-23495

Malware in sbrugna...