PT-2026-43959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A DMA coherency issue exists in the igorplugusb driver within the media subsystem. In a control request, the USB request...

dalfox 访问控制错误漏洞

Dalfox is an automated cross-site scripting scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained a access control vulnerability. This vulnerability stemmed from the default binding of the REST API server to 0.0.0.0:6664, without the need for an API key. Additionally, th...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the lack of validation when ICMP reply types exceed the range of the icmppointers array, potentially...

Ubuntu 24.04 LTS / 25.10 : Linux kernel (Azure) vulnerabilities (USN-8310-1)

"The remote Ubuntu 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8310-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy...

PT-2026-43881

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description In the KVM SVM component, there is a failure in the save and restore handling of Last Branch Record LBR Model Specific Registers MSRs. Specifically, MSR IA32 DEBUGCTLMSR and LBR MSRs are no...

PT-2026-43905

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A memory leak occurs in the QualComm Rapid Transport QRTR nameserver. When a node sends a BYE packet indicating it is going...

PT-2026-43971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lifetime bookkeeping error exists in the ucan driver within the CAN subsystem. USB drivers bind to USB interfaces, and device managed resources must have their lifetime tied to the...

CVE-2026-9604 JeecgBoot AiragModelController access control

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-9604 JeecgBoot AiragModelController access control

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-9581

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVE-2026-9579

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

CVE-2026-42337

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

CVE-2025-14361 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

CVE-2025-14361

CVE-2025-14361 affects the WordPress plugin AA-Team Woocommerce Envato Affiliates (

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVE-2026-9581

JeecgBoot

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVE-2026-42337

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...