CVE-2026-23070

In the Linux kernel, the following vulnerability has been resolved: Octeontx2-af: Add proper checks for fwdata firmware populates MAC address, link modes supported, advertised and EEPROM data in shared firmware structure which kernel access via MAC blockCGX/RPM. Accessing fwdata, on boards booted...

CVE-2025-11707

The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblockkey key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys...

WordPress Apptivo Business Site CRM plugin <= 5.3 - Cross-Site Request Forgery to IP Address Block vulnerability

Cross-Site Request Forgery to IP Address Block vulnerability discovered by SOPROBRO in WordPress Plugin Apptivo Business Site CRM versions = 5.3...

platform: Insecure websocket used when interacting with EDA server

A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...

Formidable Forms < 6.1 - IP Spoofing

The plugin uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. 1. In WordPress's Settings Discussion page, add your IP address to the Disallowed Comment Keys field. This will block form submissio...

CVE-2020-26262

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...

CVE-2020-26262

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...

Arbitrary Code Execution

qemu is vulnerable to arbitrary code execution. The vulnerability exists through an out-of-bounds heap buffer access flaw caused by the way the iSCSI Block driver handles a response coming from an iSCSI server while checking the status of a Logical Address Block LBA in an iscsicoblockstatus routi...

QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block LBA in an iscsicoblockstatus routine. A remote user could use this flaw to crash the QEMU process,...

QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block LBA in an iscsicoblockstatus routine. A remote user could use this flaw to crash the QEMU process,...

DEBIAN-CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block LBA in an iscsicoblockstatus routine. A remote user could use this flaw to...