CVE-2026-45329

ESF-IDF (Espressif IoT Development Framework) contains a vulnerability in ESP-TEE secure-service wrappers (esp_secure_services.c and esp_secure_services_iram.c) affecting versions 5.5.4 and 6.0. Several caller-supplied pointer arguments were not fully validated, allowing inputs to reference TEE-e...

Astra Linux - уязвимость в linux-5.10, linux

In the usbmon module of the Linux kernel, the files drivers/usb/mon/monbin.c before version 5.19.15 and versions 6.x before 6.0.1 allow a user-space client to corrupt the internal memory of the monitor...

0utmailauth (=1.0.0), @1023-ventures/ursa-core (>=0.5.2 <=0.5.3) +1997 more potentially affected by CVE-2026-1528 via undici (>=6.0.1 <=6.23.0)

undici NPM version =6.0.1, =0.5.2, =0.5.2, =0.4.2, =0.5.116, =1.3.7, =1.3.7, =1.3.7, =1.0.0, =1.0.0, =0.1.5-alpha.0, =1.0.9-beta.0, =0.5.21, =0.5.43 and more Source cves: CVE-2026-1528 Source advisory: SNYK:JS-UNDICI-15518064...

CVE-2025-66546

Summary: CVE-2025-66546 affects Nextcloud Calendar. The vulnerability arises from the calendar’s handling of appointment IDs, allowing blind booking of appointments without knowledge of the appointment token. Affected software/versions (as documented): Nextcloud Calendar prior to 4.7.19, prior to...

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

CVE-2025-52667

Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user...

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVE-2025-52668

Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack...

CVE-2025-48987

Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack...

PT-2025-47616

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVE-2025-8064

The CVE describes a Stored Cross-Site Scripting vulnerability in the Bible SuperSearch WordPress plugin (

Google Android 安全漏洞

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the System component of Google Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. An attacker can exploit this...

0utmailauth (=1.0.0), 0xkobold (>=0.0.1 <=0.8.0) +15394 more potentially affected by CVE-2024-24750 via undici (>=6.0.1 <=6.5.0)

undici NPM version =6.0.1, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =1.0.1, =1.0.68, =4.11.0, =4.11.46 - 7up-dev =1.0.0 - 7up-developer =1.0.0 - 7up-kingdom =1.0.0 - 7up-nub =1.0.0 and more Source cves: CVE-2024-24750 Source advisory: OSV:GHSA-9F24-JQHM-JFCW...

DoS (Denial of Service) ch.qos.logback:logback-classic Dependency in Confluence Data Center and Server

This High severity ch.qos.logback:logback-classic Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. This ch.qos.logback:logback-classic Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

SUSE CVE-2017-0553

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform...

IBM Sterling Secure Proxy 加密问题漏洞

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a weak encryption algorithm vulnerability. An attacker could...

PT-2021-18433 · Ibm · Ibm Secure Proxy +1

Name of the Vulnerable Software and Affected Versions: IBM Secure External Authentication Server versions 2.4.3.2, 6.0.1, 6.0.2 IBM Secure Proxy versions 3.4.3.2, 6.0.1, 6.0.2 Description: The issue allows a remote user to consume resources, causing a denial of service due to a resource leak...

VulnCheck KEV: CVE-2017-13156

An elevation of privilege vulnerability in the Android system art. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847...