11650 matches found
iboss Secure Web Gateway - Stored Cross-Site Scripting
A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...
CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...
Important: Red Hat Security Advisory: mariadb:10.11 security, bug fix, and enhancement update
An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHSA-2026:33093 Red Hat Security Advisory: mariadb10.11 security, bug fix, and enhancement update
Bulletin has no description...
Important: Red Hat Security Advisory: galera and mariadb11.8 security, bug fix, and enhancement update
An update for multiple packages is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: glibc security, bug fix, and enhancement update
An update for glibc is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
AlmaLinux 10 : git-lfs (ALSA-2026:30855)
The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:30855 advisory. golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 Tenable has extracted the...
WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by qdtad in WordPress Plugin Novalnet Payment Gateway for WooCommerce versions = 12.10.3...
CVE-2026-53321
A flaw was found in the Linux kernel's iouring subsystem, specifically in the Networked Asynchronous Packet Interface NAPI busy polling. This vulnerability allows NAPI to poll indefinitely for events when none are present, which can cause a task to become stuck. This can lead to a Denial of Servi...
SUSE CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
Linux Distros Unpatched Vulnerability : CVE-2026-53204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while t...
Linux Distros Unpatched Vulnerability : CVE-2026-53321
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead ...
EUVD-2026-39492
pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...
CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
EUVD-2026-39856
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
CVE-2026-53321
CVE-2026-53321 : In the Linux kernel, the io_uring/napi path was missing a cap on the maximum polling time when no events are found. The issue arises from napi potentially polling for longer than reasonable times, leading to task stagnation without conditional rescheduling. A fix caps the total b...
buildah security update
An update is available for buildah. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...
SUSE CVE-2026-53204
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...
AlmaLinux 10 : kernel (ALSA-2026:27288)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27288 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...
AlmaLinux 10 : buildah (ALSA-2026:29195)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:29195 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...