46 matches found
CVE-2026-6683
FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes nfatent - 2 to be zero during write/sync operations. This maps to CWE-369 Divide By Zero. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.6, Medium. Network-delivered...
CVE-2026-41431
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
OPENSUSE-SU-2026:20880-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation,...
Linux Distros Unpatched Vulnerability : CVE-2026-43389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A dirty folio is one which has been written to. A clea...
CVE-2026-4133
The TextP2P Texting Widget WordPress plugin (versions ≤ 1.7) is vulnerable to Cross-Site Request Forgery due to missing nonce validation in imTextP2POptionPage(). The settings form (line 314) lacks wp_nonce_field(), and the POST handler (line 7) does not call check_admin_referer() or wp_verify_no...
PT-2026-34184
Name of the Vulnerable Software and Affected Versions Zero Motorcycles firmware versions 44 and prior Description An issue in the Bluetooth pairing process allows an attacker in close proximity to forcibly pair a device with the motorcycle while it is in pairing mode. Once paired, the attacker ca...
CVE-2026-28806
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
GHSA-7XHJ-55Q9-PC3M OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading
Summary OpenClaw hook mapping transforms could be loaded via absolute paths or .. traversal, allowing arbitrary JavaScript module loading/execution in the gateway process when an attacker can modify hooks configuration. Affected Versions - Affected: = 2.0.0-beta3 and = 2026.2.13 - Fixed: 2026.2.1...
CVE-2025-14465 Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update
The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabsoptionspageformsubmit function. This makes it possible for unauthenticated attackers to update plug...
PT-2025-44953
The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage page function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2024-13996
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...
EUVD-2014-5294
Malware in sbrugna...
EUVD-2021-26918
Malware in sbrugna...
EUVD-2002-0670
Malware in sbrugna...
EUVD-2022-27897
Malicious code in bioql PyPI...
EUVD-2022-39075
Malicious code in bioql PyPI...
EUVD-2023-48191
Malicious code in bioql PyPI...
CVE-2025-7965
CVE-2025-7965 concerns the WordPress CBX Restaurant Booking plugin (versions up to 1.2.1). The vulnerability is a missing CSRF check when updating settings, which could let a logged-in attacker perform admin-level changes via a CSRF attack. The CVSS 3.1 base metrics indicate a medium severity (4....
PT-2025-23761 · WordPress · Filterprovider
Name of the Vulnerable Software and Affected Versions: File Provider versions 1.2.3 and earlier Description: The issue is related to the lack of a CSRF check when updating settings in the File Provider WordPress plugin. This could allow attackers to make a logged-in admin change the settings via ...
CVE-2024-5570
The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...