40349 matches found

OSV
added 2026/01/19 9:21 a.m., 4 views

CLSA-2026-1768814484 ruby: Fix of CVE-2025-58767

CVE-2025-58767: fixed REXML to reject duplicate XML declarations and validate declaration attributes to protect from DoS...

CVSS 5.3, AI score 7.3, EPSS 0.00231
Exploits: 0, References: 1

Redos
added 2026/01/19 12:0 a.m., 7 views

ROS-20260119-7332

A vulnerability in the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...

CVSS 7.8, AI score 7.7, EPSS 0.00224
Exploits: 0

RedhatCVE
added 2026/01/18 10:2 a.m., 6 views

CVE-2025-13034

When using CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

CVSS 5.9, AI score 6.8, EPSS 0.00227
Exploits: 0, References: 1

RedhatCVE
added 2026/01/18 2:26 a.m., 7 views

CVE-2025-14075

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_customer_info' AJAX action to unauthenticated users without proper capability checks, relying only on a...

CVSS 5.3, AI score 5.5, EPSS 0.0026
Exploits: 0, References: 1

CVE
added 2026/01/17 2:22 a.m., 20 views

CVE-2025-14075

CVE-2025-14075 affects the WP Hotel Booking plugin for WordPress (versions up to and including 2.2.7). The vulnerability exposes the unauthenticated AJAX action hotel_booking_fetch_customer_info without proper capability checks, relying only on a nonce. This allows unauthenticated attackers to re...

CVSS 5.3, AI score 5.2, EPSS 0.0026
Exploits: 0, References: 5

CNNVD
added 2026/01/17 12:0 a.m., 2 views

WordPress plugin WP Hotel Booking has a vulnerability related to information leakage

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 5.3, AI score 5.8, EPSS 0.0026
Exploits: 0, References: 6

ATTACKERKB
added 2026/01/16 7:50 p.m., 3 views

CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing and Content-Security-Policy with...

CVSS 4.3, AI score 5.5, EPSS 0.00272
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2026/01/16 7:50 p.m., 6 views

CVE-2026-23731 WeGIA Clickjacking Vulnerability

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing and Content-Security-Policy with...

CVSS 4.3, AI score 6.2, EPSS 0.00272
Exploits: 1, References: 3

RedhatCVE
added 2026/01/16 2:23 p.m., 2 views

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVSS 8.2, AI score 6.8, EPSS 0.00286
Exploits: 0, References: 1

Vulnrichment
added 2026/01/16 2:0 p.m., 3 views

CVE-2025-15104 Nu Html Checker (validator.nu) - Restriction bypass vulnerability allowing local SSRF

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

CVSS 6.9, AI score 6.8, EPSS 0.00425
Exploits: 1, References: 2

Huntr
added 2026/01/16 8:47 a.m., 10 views

H2O-3 PostgreSQL Driver RCE - Bypassing CVE-2025-6544 Mitigation

Description: A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The current security mitigation implemented in H2O-3 relies on a parameter blacklist mechanism that exclusively targets MySQL JDBC...

CVSS 9.8, AI score 6.9, EPSS 0.00839
Exploits: 2

SUSE CVE
added 2026/01/16 12:26 a.m., 3 views

SUSE CVE-2025-71127

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 "The Address 1 field of the Beacon .. frame shall be set to the...

CVSS 5.5, AI score 6.4, EPSS 0.0013
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004016)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004016 advisory. ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal...

CVSS 5.5, AI score 6.4, EPSS 0.00416
Exploits: 0, References: 11

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004523 advisory. A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. Tenable has extracted th...

CVSS 5.1, AI score 6.6, EPSS 0.00294
Exploits: 1, References: 5

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003765)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003765 advisory. In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt and ...

CVSS 7, AI score 7.3, EPSS 0.00469
Exploits: 1, References: 19

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004474)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004474 advisory. ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal...

CVSS 5.5, AI score 6.4, EPSS 0.00416
Exploits: 0, References: 11

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001517)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001517 advisory. A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. Tenable has extracted th...

CVSS 5.1, AI score 6.6, EPSS 0.00294
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 7 : pcs-0.9.162-5.el7.1 (AXSA:2018-2813:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-2813:01 advisory. pcs: Privilege escalation via authorized user malicious REST call CVE-2018-1079 pcs: Debug parameter removal bypass, allowing information disclosure...

CVSS 8.7, AI score 6.5, EPSS 0.02489
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000896)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000896 advisory. arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allow...

CVSS 4.7, AI score 5.6, EPSS 0.00366
Exploits: 1, References: 9

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004240)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004240 advisory. A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disab...

CVSS 5.5, AI score 6.8, EPSS 0.00463
Exploits: 0, References: 5