3177 matches found
Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution
Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin = 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...
CVE-2026-53359
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...
CVE-2026-53359
CVE-2026-53359 concerns the Linux kernel KVM/x86 shadow paging use-after-free caused by a mismatch in GFN handling when a PDE is modified to a non-leaf page. After the PDE change and memslot deletion, rmap entries tied to the GFN may not be removed, and kvm_mmu_page_get_gfn() can compute an incor...
PT-2026-55697
Name of the Vulnerable Software and Affected Versions Linux KVM versions prior to 7.1.3 Linux KVM versions prior to 6.18.38 Linux KVM versions prior to 6.12.95 Linux KVM versions prior to 6.6.144 Linux KVM versions prior to 6.1.177 Linux KVM versions prior to 5.15.211 Linux KVM versions prior to...
VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEILDROP by Securonix. It's suspected that the initial payloads are distributed...
EUVD-2026-40962
In the Linux kernel, the following vulnerability has been resolved: schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtreecontrol while a schedext scheduler is loaded: WARNING: at...
GHSA-55F6-4PR5-C7M5 Kahi has privilege-drop and socket/log permission issues
Kahi releases up to and including v0.1.0-alpha.8 contain three privilege/permission issues, all fixed in v0.1.0-alpha.9. They were identified in a full-codebase security review on 2026-05-26. Affected versions All releases = v0.1.0-alpha.8. Patched version v0.1.0-alpha.9. Details 1. Per-process...
EulerOS 2.0 SP15 : sudo (EulerOS-SA-2026-2509)
According to the versions of the sudo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not...
Oracle Linux 9 : kernel (ELSA-2026-27789)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...
CVE-2026-53070
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP over User Datagram Protocol UDP implementation. An issue with managing the transmission context across different processing units could lead to incorrect recursion level detection. This can cause network packets to b...
K000161867: Linux kernel vulnerabilities CVE-2026-23291, CVE-2026-23292, CVE-2026-23298, and CVE-2026-23304
Security Advisory Description CVE-2026-23291 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was...
CVE-2026-53220
In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...
CVE-2026-53197
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...
UBUNTU-CVE-2026-53220
In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...
CVE-2026-53220
CVE-2026-53220 affects the Linux kernel netfilter bridge path. ebt_redirect_tg() dereferences br_port_get_rcu() without a NULL check when a bridge port has been removed between the original hook and an NFQUEUE reinject, potentially causing a local kernel panic. Attack surface includes scenarios w...
EUVD-2026-39311
In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...
CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...
PT-2026-52310
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 network driver where the RX error path returns the current descriptor buffer to the hardware Buffer Manager BM pool. This action is only valid while the driv...
CVE-2026-53091
In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...
CVE-2026-53091
The CVE-2026-53091 issue concerns the Linux kernel’s handling of GSO packet headers during qdisc_pkt_len_segs_init(). The root cause is that many ndo_start_xmit() paths assume headers are already in skb->head, while tso_build_hdr() may copy from skb->data, and qdisc_pkt_len_segs_init() diss...