Lucene search

8 matches found

Cvelist
added 2026/04/05 10:0 p.m. · 19 views

CVE-2026-4272 - Bluetooth Remote Execution of System Commands Vulnerability

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...

CVSS 8.1 · EPSS 0.00453
Exploits: 0 · References: 1
CVE
added 2026/03/08 3:28 a.m. · 9 views

CVE-2026-3704

CVE-2026-3704 affects Wavlink NU516U1 251208 via /cgi-bin/firewall.cgi, targeting sub_405B2C with a command-injection flaw in the Incomplete Fix CVE-2025-10959. Exploitation is remote and the exploit has been disclosed publicly. Upgrading to the fixed component is recommended. Public references i...

CVSS 7.2 · AI score 5.9 · EPSS 0.04461
Exploits: 1 · References: 6 · Affected Software: 1
Snyk
added 2025/09/24 8:43 p.m. · 1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the SideroLink connection. An attacker can send arbitrary packets over the interface by exploiting the lack of validation on the packet's destination address. Workaround Users who are not able to upgrade to t...

CVSS 5.4 · AI score 7.2 · EPSS 0.00178
Exploits: 0 · References: 2
NVD
added 2024/09/27 5:15 p.m. · 14 views

CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...

CVSS 5.3 · EPSS 0.00858
Exploits: 0 · References: 2
Vulnrichment
added 2024/07/16 10:56 p.m. · 17 views

CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

CVSS 4.2 · AI score 6.7 · EPSS 0.00372
Exploits: 1 · References: 8
Positive Technologies
added 2023/06/30 12:0 a.m. · 5 views

PT-2023-25891 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.39.3 Description: An issue was discovered in the "CheckUserLog API" in the CheckUser extension for MediaWiki. There is incorrect access control for visibility of hidden users. Recommendations:...

CVSS 9.8 · AI score 6.2 · EPSS 0.22699
Exploits: 27 · References: 106
Positive Technologies
added 2022/10/18 12:0 a.m. · 3 views

PT-2022-24966 · Oracle · Oracle Database Server +1

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19c through 21c Description: The issue affects the Java VM component, allowing a low-privileged attacker with Create Procedure privilege and network access via Oracle Net to compromise the Java VM. This can...

CVSS 4.3 · AI score 4.6 · EPSS 0.00451
Exploits: 0 · References: 5
OpenVAS
added 2013/12/30 12:0 a.m. · 26 views

Debian Security Advisory DSA 2830-1 (ruby-i18n - cross-site scripting)

Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package...

CVSS 4.3 · AI score 0.5 · EPSS 0.02231
Exploits: 0 · References: 1