276 matches found
PT-2026-53938
Name of the Vulnerable Software and Affected Versions python313-lxml html clean versions prior to 0.4.5-1.1 python-lxml-doc versions prior to 6.1.1-1.1 Description Security issues were identified in the python313-lxml html clean and python-lxml-doc packages. Recommendations Update python313-lxml...
CVE-2026-27366
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
EUVD-2026-39362
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: do not free the NULL coalescing rule. If parsing fails, we can dereference a NULL pointer here...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed the warning in cifssmb3domount This fixes the following warning reported by the kernel test robot: fs/smb/client/cifsfs.c:982 cifssmb3domount warning: possible memory leak of ‘cifssb’...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed a potential Use-after-Allocation error in cifssignalcifsdforreconnect. Skipped sessions that are being terminated status == SESEXITING to avoid UAF errors...
OpenEMR < 7.0.1 - Cross-Site Scripting
Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to 7.0.1. id: CVE-2023-2948 info: name: OpenEMR 7.0.1 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr...
CVE-2026-8683
Mattermost Desktop App
EUVD-2026-36732
Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...
CVE-2026-42096
Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...
CVE-2026-42100
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...
CVE-2026-10586
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...
SUSE-SU-2026:21917-1 Security update for kernel-livepatch-MICRO-6-0_Update_23
This update for kernel-livepatch-MICRO-6-0Update23 fixes the following issues: - New livepatch SLE Micro 6.0/6.1 kernel update 23...
CVE-2026-10056
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
PT-2026-44744
Name of the Vulnerable Software and Affected Versions WP Maps Pro versions prior to 6.1.1 Description The WP Maps Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to create administrator accounts and achieve complete site takeover. The issue stems from a temporary acces...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: A potential NULL pointer dereferencing has been fixed in ocfs2setbufferuptodate. During cleanup, if flags do not include OCFS2BHREADAHEAD, it may trigger a NULL pointer dereferencing in the ocfs2setbufferuptodate function,...
Astra Linux – Vulnerability in ffmpeg5
Buffer overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allowing a local attacker to execute arbitrary code and cause a denial of service DoS via the afdialoguenhance.c:261:5 in the destereo component...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: The commit 7ba5ca32fe6e “ALSA: firewire-lib: operate for period elapse event in process context” removed the process context workqueue from amdtpdomainstreampcmpointer and updatepcmpointers, thereby eliminating its overhead. With...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fix to avoid panic in f2fsevict inode As syzbot 1 reported as follows: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 --- End trace:...
CVE-2026-42100
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...