CVE-2026-41120

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

CVE-2026-41120

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

CVE-2026-54848 WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

CVE-2026-57619 WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

CVE-2026-57619 WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

CVE-2026-42390 ZONEMD validation can be bypassed

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab Inc. has identified several vulnerabilities in GitLab Enterprise Edition EE and other versions of GitLab, particularly in releases from version 8.3 to 19.1.1, with a focus on versions around 18.11.6, 19.0.3, and 19.1.1. These vulnerabilities affect various components of GitLab, including t...

CVE-2026-53263

In Linux kernel CVE-2026-53263, the 6lowpan multicast context address compression had an off‑by‑one in the second memcpy of lowpan_iphc_mcast_ctx_addr_compress(), using data[1] and ipaddr-&gt;s6_addr[11] instead of data[2] and ipaddr-&gt;s6_addr[12]. This caused data[1] to be overwritten (RIID co...

EUVD-2026-39214

In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...

CVE-2026-53255

CVE-2026-53255 (Linux kernel Bluetooth MGMT TLV parsing) : The vulnerability arises in tlv_data_is_valid() where the advertising data field length is read from data[i] and the parser inspects data[i+1] for EIR types before confirming the field fits in the buffer. A malformed field whose length by...

EUVD-2026-39205

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

CVE-2026-53235

The CVE-2026-53235 issue affects the Linux kernel: skb_gro_receive_list() called skb_pull() without ensuring the data is in the linear area via pskb_may_pull(), which can occur when packets arrive via napi_gro_frags() and data is in page fragments with a non-zero skb_gro_offset. This can lead to ...

EUVD-2026-39326

In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...

EUVD-2026-39315

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

CVE-2026-53218

The vulnerability CVE-2026-53218 affects the Linux kernel netfilter nft_exthdr code. The root cause is in register tracking when the NFT_EXTHDR_F_PRESENT flag is used: nft_exthdr_init() passes user-controlled priv-&gt;len to nft_parse_register_store(), which marks that many bytes in the register ...

EUVD-2026-39309

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftexthdr: fix register tracking for FPRESENT flag nftexthdrinit passes user-controlled priv-len to nftparseregisterstore, which marks that many bytes in the register bitmap as initialized. However, when...

CVE-2026-53217

In CVE-2026-53217, the Linux kernel fix targets mvpp2 RX data synchronization. The issue arises when mvpp2 programs the RX queue offset and hardware writes data at dma_addr + MVPP2_SKB_HEADROOM, while the CPU sync starting at dma_addr only covers rx_bytes + MVPP2_MH_SIZE. On non-coherent DMA, thi...

EUVD-2026-39308

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...

CVE-2026-53216

The CVE-2026-53216 issue affects the Linux kernel, specifically the mvpp2 XDP path. Short BM pool buffers can be smaller than PAGE_SIZE, but xdp_buff is initialized with PAGE_SIZE, causing XDP tail growth validation to miscompute and potentially exceed the real allocation, risking memory corrupti...