OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

PT-2026-44755

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2026-35671

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...

CVE-2026-7802

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-7802

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

PT-2026-44179

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.29.3 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with subscriber-level...

CVE-2026-44324

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...

EUVD-2026-32128

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

CVE-2026-48961

CVE-2026-48961 affects IO::Compress for Perl: versions 2.207 through 2.219 include a bug in the bundled zipdetails CLI tool where decoding an Info-ZIP Unix Extra Field (tag 0x7875) with UID/GID size 8 triggers a misnamed function call unpackValueQ, causing an undefined subroutine error and exit (...

PT-2026-43452

TL;DR This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and is independent from setup conditions and authentication. This vulnerability is of high severity for all Kirby sites. ---- Introduction Path traversal is a type of attack that allows to access arbitrary filesystem paths. By...

MAL-2026-4594 Malicious code in koishi-plugin-fusheng-car (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35bbb2f7cdae32f1a5012363b81298fd339c96b83718db535d77c0bdc0f936ec lib/index.js contains a hardcoded base64-encoded QQ user ID 'Mjc1OTcyMDE2MQ==' decoding to '2759720161' checked inside the plugin's permission gate...

Exploit for Out-of-bounds Write in Paloaltonetworks Pan-Os

CVE-2026-0300 — Palo Alto Networks PAN-OS BOF RCE root...

Ubuntu 25.10 / 26.04 LTS : Bubblewrap vulnerability (USN-8288-1)

The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8288-1 advisory. It was discovered that Bubblewrap incorrectly handled the sandbox setup phase when installed in setuid mode. A local attacker could possibly use this issu...

containerd user ID handling bypass allows runAsNonRoot evasion

Impact A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as...

CVE-2026-9087 Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/9p: Only the RWX permissions are translated for the plain 9P2000. Garbage data is allowed to pass through the perm bits of the plain 9P2000, allowing it to set, among other things, the suid bit. This probably wasn’t the intend...

Astra Linux - уязвимость в containerd-app

Containerd is an open-source container runtime. A bug was discovered in Containerd prior to versions 1.6.38, 1.7.27, and 2.0.4. In these versions, containers launched with a User set as UID:GID that exceeded the maximum 32-bit signed integer could cause an overflow condition, resulting in the...