CVE-2025-70846

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...

CVE-2025-70846

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...

PT-2026-20549

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.16.0 Description Weblate is a web-based localization tool. The SSH management console did not validate input when adding an SSH host key, potentially leading to an argument injection into the ssh-add function. This...

CVE-2025-70846

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...

aidigu 安全漏洞

Aidigu is an open-source Weibo project developed by SR. Li lty628 as a personal project. The aidigu v1.9.1 version contains a security vulnerability. This vulnerability stems from the lack of validation on the password input field in the /tools/Password/add page, which may lead to cross-site...

CVE-2025-70846

Summary: CVE-2025-70846 affects lty628 aidigu v1.9.1 and is a Cross Site Scripting (XSS) vulnerability on the /tools/Password/add page, within the password input field. Details from sources: The vulnerability is described across multiple feeds as XSS in the password field on /tools/Password/add. ...

PT-2026-20268

Name of the Vulnerable Software and Affected Versions lty628 aidigu version 1.9.1 Description The software is susceptible to a Cross Site Scripting XSS issue. This affects the /tools/Password/add page, specifically within the password input field. Successful exploitation could allow an attacker t...

Linux Distros Unpatched Vulnerability : CVE-2026-23172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: wwan: t7xx: fix potential skb-frags overflow in RX path When receiving data in the DPMAIF RX path, the t7xxdpmaifsetfragtoskb function adds page fragments ...

EUVD-2025-206979

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

CVE-2025-14573

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, moder...

PT-2026-8341

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.0 through 10.11.9 Description Mattermost versions 10.11.x up to and including 10.11.9 do not properly enforce invite permissions when team settings are updated. This allows team administrators lacking the necessary...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 10.11.9 and earlier, including 10.11.x, have security vulnerabilities. These vulnerabilities stem from the lack of enforceable invitation permissions during the update...

CVE-2026-23176

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshibahaps: Fix memory leaks in add/remove routines toshibahapsadd leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshibahapsremove does not free the object...

UBUNTU-CVE-2026-23176

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshibahaps: Fix memory leaks in add/remove routines toshibahapsadd leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshibahapsremove does not free the object...

CVE-2026-23209

CVE-2026-23209 is a Linux kernel macvlan bug. The issue occurs in macvlan when creating a new link with MACVLAN_MODE_SOURCE and MACVLAN_MACADDR_ADD/SET and the lower device already has a macvlan port, causing a use-after-free after a failed register_netdevice() in the create path. Upstream kernel...

CVE-2026-23209 macvlan: fix error recovery in macvlan_common_newlink()

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlancommonnewlink valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip lin...

CVE-2026-23176

The CVE-2026-23176 issue in the Linux kernel affects the platform/x86 toshiba_haps subsystem. The vulnerability stems from memory leaks in the add/remove routines: toshiba_haps_add() can leak the haps object if it returns an error after successful allocation, and toshiba_haps_remove() clears the ...

CVE-2026-23176

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshibahaps: Fix memory leaks in add/remove routines toshibahapsadd leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshibahapsremove does not free the object...

CVE-2026-23176 platform/x86: toshiba_haps: Fix memory leaks in add/remove routines

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshibahaps: Fix memory leaks in add/remove routines toshibahapsadd leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshibahapsremove does not free the object...