CVE-2026-1519

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users. Mitigation To mitigate...

CVE-2026-25018

CVE-2026-25018 affects the WordPress NaturaLife Extensions plugin (versions n/a through 2.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Affected component is the NaturaLife Extensions plugin for WordPress; root ...

CVE-2026-25018 WordPress NaturaLife Extensions plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through = 2.1...

CVE-2026-25017

The CVE pertains to a Local File Inclusion in the WordPress NaturaLife Extensions plugin (versions n/a through 2.1) caused by improper control of filename handling in PHP Include/Require statements. Affected component: NaturaLife Extensions WordPress plugin; vulnerability type: PHP Local File Inc...

CVE-2026-25018 WordPress NaturaLife Extensions plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through = 2.1...

CVE-2026-25017 WordPress NaturaLife Extensions plugin <= 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through = 2.1...

WordPress plugin NaturaLife Extensions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-38145

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient policy enforcement in Extensions allows a remote attacker who has compromised the renderer process to bypass discretionary access control a type of access control where the...

PT-2026-28180

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.26.1 Description The Java instrumentation for OpenTelemetry registers a custom endpoint that deserializes incoming data without applying serialization filters. An attacker with network...

PT-2026-27884

Name of the Vulnerable Software and Affected Versions NaturaLife Extensions versions n/a through 2.1 Description A flaw exists in NaturaLife Extensions that allows for PHP Local File Inclusion due to improper control of filename handling for Include/Require statements. This issue impacts the...

WordPress plugin NaturaLife Extensions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-27885

Name of the Vulnerable Software and Affected Versions stmcan NaturaLife Extensions versions n/a through 2.1 Description The software contains a flaw due to improper handling of user-supplied data during web page creation, which can lead to reflected cross-site scripting XSS. This allows an attack...

MGASA-2026-0064 Updated webkit2 packages fix security vulnerabilities

CVE-2025-43457 Processing maliciously crafted web content may lead to an unexpected Safari crash. A use-after-free issue was addressed with improved memory management. CVE-2026-20608 Processing maliciously crafted web content may lead to an unexpected process crash. This issue was addressed throu...

Updated webkit2 packages fix security vulnerabilities

CVE-2025-43457 Processing maliciously crafted web content may lead to an unexpected Safari crash. A use-after-free issue was addressed with improved memory management. CVE-2026-20608 Processing maliciously crafted web content may lead to an unexpected process crash. This issue was addressed throu...

CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

WordPress NaturaLife Extensions plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NaturaLife Extensions versions = 2.1...

WordPress NaturaLife Extensions plugin <= 2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NaturaLife Extensions versions = 2.1...

Chromium: CVE-2026-4458 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA90950 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Base can be exploited to...

PT-2026-27256

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The NumberToDelimitedConverter component utilizes a regular expression with gsub! to insert thousands...