
153 matches found

OSV
added 2026/03/11 10:16 a.m. · 2 views

UBUNTU-CVE-2026-3906

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API create_item_permissions_check method in...

CVSS 4.3 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 4
Vulnrichment
added 2026/03/11 9:25 a.m. · 2 views

CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API create_item_permissions_check method in...

CVSS 4.3 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 3
Debian CVE
added 2026/03/11 9:25 a.m. · 3 views

CVE-2026-3906

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API create_item_permissions_check method in...

CVSS 4.3 · AI score 5.3 · EPSS 0.0003
Exploits: 0
Patchstack
added 2026/03/10 8:27 a.m. · 1 view

WordPress Core <= 6.9.1 - Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress core versions 6.9-6.9.1...

AI score 5.8
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2026/03/06 12:00 a.m. · 2 views

Cesanta Mongoose Web Server Security Vulnerability

Cesanta Mongoose Web Server is an embedded server and network library developed in C language by the Irish company Cesanta. Version 6.9 of Cesanta Mongoose Web Server contains a security vulnerability. This vulnerability arises from the possibility that establishing multiple socket connections ma...

CVSS 8.7 · AI score 5.8 · EPSS 0.00148
Exploits: 0 · References: 2
vulnersOsv
added 2026/03/03 12:35 p.m. · 4 views

org.glassfish.mq:mq-client (>=6.4.0 <=6.9.0), org.glassfish.mq:mq-cluster (>=6.4.0 <=6.9.0) +12 more potentially affected by CVE-2026-22886 via org.glassfish.mq:mqbroker-core (>=6.4.0 <=6.9.0)

org.glassfish.mq:mqbroker-core MAVEN version =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.9.0 Source cves: CVE-2026-22886 Source advisory: SNYK:JAVA-ORGGLASSFISHMQ-15444256...

CVSS 9.8 · AI score 5.8 · EPSS 0.00266
Exploits: 0
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-41330

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00263
Exploits: 0 · References: 2
CNNVD
added 2025/08/21 12:00 a.m. · 1 view

WordPress plugin Pin WP Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS 9.9 · AI score 6.8 · EPSS 0.00104
Exploits: 0 · References: 2
GoogleProjectZero
added 2025/08/08 12:00 a.m. · 5 views

From Chrome renderer code exec to kernel with MSG_OOB

Posted by Jann Horn, Google Project Zero. Introduction: In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug (CVE-2025-38236) affecting...

CVSS 5.5 · AI score 8.1 · EPSS 0.0088
Exploits: 3
OSV
added 2025/07/15 2:49 a.m. · 3 views

MGASA-2025-0208 Updated qtimageformats6 packages fix security vulnerabilities

Loading a specifically-crafted ICNS format image file in QImage will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0...

CVSS 5.5 · AI score 7.1 · EPSS 0.00169
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/22 9:07 p.m. · 5 views

CVE-2021-33616

RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS...

CVSS 5.4 · AI score 6.8 · EPSS 0.00418
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:28 p.m. · 5 views

CVE-2020-29538

Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks...

CVSS 4.9 · AI score 6.4 · EPSS 0.00222
Exploits: 0
IBM Security Bulletins
added 2025/01/28 10:08 p.m. · 20 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

CVSS 7.5 · AI score 7.2 · EPSS 0.01392
Exploits: 0 · Affected Software: 1
ICS
added 2024/10/08 12:00 a.m. · 7 views

Siemens SINEC Security Monitor

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 9.9 · AI score 8.2 · EPSS 0.02948
Exploits: 0 · References: 10
OSV
added 2024/09/29 5:48 p.m. · 33 views

RHSA-2021:1313 Red Hat Security Advisory: Satellite 6.9 Release

Bulletin has no description...

CVSS 8.8 · AI score 6.7 · EPSS 0.90128
Exploits: 9 · References: 398
ICS
added 2024/05/28 6:00 a.m. · 55 views

Campbell Scientific CSI Web Server

1. EXECUTIVE SUMMARY: CVSS v4 6.9. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Campbell Scientific. Equipment: CSI Web Server. Vulnerabilities: Path Traversal, Weak Encoding for Password. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an...

CVSS 6.9 · AI score 7.4 · EPSS 0.00346
Exploits: 0 · References: 10
Positive Technologies
added 2024/04/30 12:00 a.m. · 1 view

PT-2024-27227 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.9. Description: The issue is related to a deadlock regression in the Linux kernel's wifi: iwlwifi module, which was introduced with the LED merge in version 6.9. The deadlock occurs when all worker threads are...

CVSS 9.1 · AI score 6.6 · EPSS 0.00194
Exploits: 10 · References: 903
Fedora
added 2024/04/25 1:37 a.m. · 28 views

[SECURITY] Fedora 38 Update: squid-6.9-1.fc38

Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...

CVSS 8.6 · AI score 8.7 · EPSS 0.12145
Exploits: 1
ICS
added 2024/03/26 6:00 a.m. · 32 views

Rockwell Automation FactoryTalk View ME

1. EXECUTIVE SUMMARY: CVSS v4 6.9. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: FactoryTalk View ME. Vulnerability: Cross-site Scripting. 2. RISK EVALUATION: Successful exploitation of this vulnerability could lead to the loss of view or...

CVSS 5.3 · AI score 6.1 · EPSS 0.00044
Exploits: 0 · References: 8
Positive Technologies
added 2024/01/29 12:00 a.m. · 5 views

PT-2024-5040 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.9. Description: The issue is related to the implementation of the SEV-SNP and SEV-ES protective mechanisms in the Linux kernel, which can be exploited by an untrusted hypervisor to inject virtual interrupts and...

CVSS 10 · AI score 6.6 · EPSS 0.01107
Exploits: 20 · References: 1201