Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
CVE-2026-8705
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
PT-2026-51686
Name of the Vulnerable Software and Affected Versions: ClearSale Total versions prior to 3.4.3. Description: An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...
CVE-2026-46077 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46077 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46132 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46132 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46086 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46086 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46142 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46142 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...
Astra Linux – Vulnerability in Firefox and Thunderbird
If a PAC URL was set, and the server hosting the PAC was unreachable, OCSP requests would be blocked, resulting in incorrect error pages being displayed. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
Astra Linux – Vulnerability in Firefox
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability has been fixed in Firefox 145 and Thunderbird 145...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143, and Thunderbird 143. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in Firefox, Thunderbird
Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 96 and Firefox ESR 91.5. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in Firefox and Thunderbird
Repeatedly writing to the history interface attributes could have caused a denial-of-service condition in the browser. This issue was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
Astra Linux – Vulnerability in Firefox
If multiple instances of resource exhaustion occur at the wrong time, the garbage collector could cause memory corruption and potentially exploitable crashes. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2025-15657
Unauthenticated Insecure Direct Object References (IDOR) in School Management = 93.1.0 versions...
CVE-2026-54811
Unauthenticated SQL Injection in WP eMember v10.9.4 versions...
CVE-2026-42629
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...
CVE-2025-15642
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can bypass the NSClient Tamper Protections due to weak Discretionary Access Control Lists (DACLs) on the service object and related registry keys. Produc...
EUVD-2026-37685
Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...