3156 matches found
CVE-2026-54839 WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...
CVE-2026-54839
The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected
SUSE CVE-2026-53143
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The v11 MQD manager incorrectly assigned the CP-compute variants of checkpointmqd/restoremqd for KFDMQDTYPESDMA queues. These functions use sizeofstruct...
SUSE CVE-2026-53154
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore reservation on error in hugetlb folio copy paths Two sites in mm/hugetlb.c allocate a hugetlb folio via allochugetlbfolio consuming a VMA reservation and then call copyuserlargefolio, which became int-returnin...
SUSE CVE-2026-53201
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip optimization bypasses GuC suspend, so the GPU may not perform the contex...
RHEL 8 : redis:6 (RHSA-2026:29817)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:29817 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
GO-2026-5622 Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd...
CVE-2026-54250
K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...
CVE-2026-54250
K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...
CVE-2026-54250 K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression
K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...
CVE-2026-54250
CVE-2026-54250 affects K3s by a ZIP archive path traversal in the etcd snapshot decompression. Before versions 1.35.3+k3s1, 1.34.6+k3s1, and v1.33.10+k3s1, a crafted ZIP member can be written to arbitrary filesystem locations when restoring an etcd snapshot, due to the decompression process. Impa...
redis: RESTORE invalid memory access may allow remote code execution
A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...
CVE-2026-53154
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore reservation on error in hugetlb folio copy paths Two sites in mm/hugetlb.c allocate a hugetlb folio via allochugetlbfolio consuming a VMA reservation and then call copyuserlargefolio, which became int-returnin...
CVE-2026-53143
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The v11 MQD manager incorrectly assigned the CP-compute variants of checkpointmqd/restoremqd for KFDMQDTYPESDMA queues. These functions use sizeofstruct...
UBUNTU-CVE-2026-53154
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore reservation on error in hugetlb folio copy paths Two sites in mm/hugetlb.c allocate a hugetlb folio via allochugetlbfolio consuming a VMA reservation and then call copyuserlargefolio, which became int-returnin...
UBUNTU-CVE-2026-53270
In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...
UBUNTU-CVE-2026-53143
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The v11 MQD manager incorrectly assigned the CP-compute variants of checkpointmqd/restoremqd for KFDMQDTYPESDMA queues. These functions use sizeofstruct...
CVE-2026-53270 ipvs: clear the svc scheduler ptr early on edit
In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...
EUVD-2026-39221
In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...
CVE-2026-53270
The CVE-2026-53270 issue affects the Linux kernel IP Virtual Server (IPVS). During ip_vs_edit_service(), unbinding the old scheduler did not clear the svc->scheduler pointer early enough, so packets could reference freed sched_data after the RCU grace period. The documented fix clears the poin...