334 matches found
CVE-2026-63845 drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/jpeg: set nouserfence for JPEG v4.0 ring JPEG rings do not support 64-bit user fence writes, reject CS submissions with user fences. cherry picked from commit 8d0cac9478a3f046279c657d6a2545de49ae675a...
ROOT-OS-UBUNTU-2404-CVE-2025-68188 CVE-2025-68188 in rootio-linux - Patched by Root
Root has patched CVE-2025-68188 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
GHSA-MHWW-P97M-3368 AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...
CVE-2026-42172
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...
EUVD-2026-41982
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...
CVE-2026-34594
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitra...
EUVD-2026-39744
Administrator SQL Injection in WP All Import = 4.0.1 versions...
EUVD-2026-37647
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
EUVD-2026-37653
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
CVE-2026-30803
CVE-2026-30803 describes an Integer Underflow in RTI Connext Micro (Core Libraries) that allows an overread of buffers. Affected is Connext Micro versions from 4.0.0 up to, but not including, 4.3.0. The description provided does not specify a disclosed exploit, mitigation, or a confirmed fix vers...
EUVD-2026-36969
Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...
CVE-2026-45384 bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...
CVE-2026-46340 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, pinot-fips, thingsboard, management-api-for-apache-cassandra-4.1, apache-hop-fips, trino, pinot, celeborn, apache-hop, seata, tez, management-api-for-apache-cassandra-5.0...
PT-2026-48266
Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...
CVE-2026-33807
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...
RLSA-2026:20606 Important: ruby4.0 security update
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Informatio...
CVE-2025-14774
Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
CVE-2025-14771
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
PT-2026-45907
Name of the Vulnerable Software and Affected Versions ABB T-MAC Plus version 4.0-24 Description A file disclosure issue exists in the ABB T-MAC Plus web application and the ABB T-MAC plus Server - Default IIS Web Site, where files or directories are accessible to external parties. Recommendations...
CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...