WordPress plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

Malicious Package

Overview pubnub-element is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Linux Distros Unpatched Vulnerability : CVE-2026-40227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. CVE-2026-40227 Note...

SUSE CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

CVE-2026-33783

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service DoS. If colored SRTE policy tunnels are provisioned via...

Malicious code in pubnub-element (npm)

Malicious scripts exfiltrate sensitive info username, path, hostname to a remote webhook via wget in test, preinstall & preupdate. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1f86ef3c85074c2ca23cfd60296a4875f6bc610547f691543cef5f38e1788a The package...

GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay

A flaw was found in GStreamer. This out-of-bounds write vulnerability exists within the rtpqdm2depay element, specifically during the processing of X-QDM Real-time Transport Protocol RTP payload elements. A remote attacker can exploit this by providing malformed user-supplied data to the packetid...

CVE-2026-40227

A flaw was found in systemd. A local unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with a specially crafted array or map containing a null element. This can trigger an assert, leading to a Denial of Service DoS condition, which makes the...

EUVD-2026-21402

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...

DEBIAN-CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

UBUNTU-CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

UBUNTU-CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

Comparison Using Wrong Factors

Overview Affected versions of this package are vulnerable to Comparison Using Wrong Factors in the IPC API call process when an array or map containing a null element is provided. An attacker can cause a system crash by sending specially crafted IPC API requests. Remediation A fix was pushed into...

CVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

CVE-2026-34477

CVE-2025-68161 (and CVE-2026-34477) affect Apache Log4j Core Socket Appender where TLS hostname verification was silently ignored when configured via verifyHostName, leaving potential MITM scenarios under SMTP, Socket, or Syslog Appenders using a nested element. The issue spans versions 2.0-beta...

CVE-2026-40227

CVE-2026-40227 affects systemd 260 prior to 261. A local unprivileged user can trigger an assertion via an IPC API call when passing an array or map that contains a null element. The vulnerability leads to a crash (assertion failure) rather than a remote compromise, with impact on availability as...