CVE-2026-46264

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-46260 ipv6: Fix out-of-bound access in fib6_add_rt2node().

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

CVE-2026-46260

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

EUVD-2026-34122

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

CVE-2026-46260

The CVE-2026-46260 entry is supported by multiple connected sources detailing a kernel IPv6 out-of-bounds read when creating an IPv6 route with RTA_NH_ID, due to fib6_info not containing trailing fib6_nh and an unsafe read of iter->fib6_nh. The fix adds a check of iter->nh before dereferenc...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from cleanup operations that run on uninitialized kobject objects when the devmaddactionorreset functi...

PT-2026-46116

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.7 Description The 'DomainZones.add' API endpoint fails to sanitize newline characters within TXT record content. An authenticated customer with DNS editing permissions can inject newlines into TXT record values,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ipv6 module’s failure to check iter-nh when using RTANHID in the fib6addrt2node function. As ...

CVE-2026-4080

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

CVE-2026-4080

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

CVE-2026-4080

The CVE concerns the WordPress Easy Cart plugin (versions ≤ 1.8). The vulnerability is Stored Cross-Site Scripting via the add_to_cart shortcode attributes, due to insufficient input sanitization and output escaping in ectp_add_to_cart(). Specifically, sanitize_text_field() is applied to shortcod...

CVE-2026-3870

A buffer overflow vulnerability in the UPnP AddPortMapping command in Zyxel VMG4005-B50B firmware versions through 5.13ABRL.5.4C0 could allow an adjacent attacker to trigger a temporary denial-of-service DoS condition affecting the UPnP function of the affected device...

Zyxel VMG4005-B50B 安全漏洞

The Zyxel VMG4005-B50B is a VDSL2/ADSL2+ broadband modem produced by the Chinese company Zyxel. The firmware version 5.13ABRL.5.4C0 and earlier contain security vulnerabilities. These vulnerabilities stem from a buffer overflow in the UPnP AddPortMapping command, which could allow adjacent...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper implementations in the Extensions component. This vulnerability could allow attackers to persuade users to install...

PT-2026-45707

Name of the Vulnerable Software and Affected Versions Easy Cart versions prior to 1.9 Description The Easy Cart plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occu...

Linux Distros Unpatched Vulnerability : CVE-2026-46243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority- bearing fields such as pid, uid, creduid, and upcalltarge...

CVE-2026-10295 SourceCodester Customer Review App review_app.py get_all_reviews denial of service

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

CVE-2026-10295

SourceCodester Customer Review App 1.0 is affected. The vulnerability lies in review_app.py functions add_review, save_review, and get_all_reviews, where manipulating the name/comment argument leads to a local denial of service. The attack requires local access and a public exploit exists. Impact...

CVE-2026-28577

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...