794 matches found
CVE-2026-8391
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...
CVE-2026-28936
CVE-2026-28936 affects Apple platforms and is described as a vulnerability where processing a maliciously crafted file may lead to an unexpected app termination. It has been fixed in multiple updates: iOS 18.7.9 and iPadOS 18.7.9; iOS 26.5 and iPadOS 26.5; macOS Sonoma 14.8.7; macOS Tahoe 26.5; a...
CVE-2026-43115 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-qemu, linux-gcp, linux-azure, linux-aws, linux-qemu-melange...
CVE-2026-7145
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...
PyBlade Security Vulnerability
PyBlade is a lightweight and efficient Python template engine developed by Antares’ individual developers, supporting component-based development. Versions 0.1.8-alpha and 0.1.9-alpha of PyBlade contain security vulnerabilities, which stem from the improper handling of special elements within the...
CVE-2026-4701
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Schneider Electric EcoStruxure Foxboro DCS Code Issue Vulnerability
The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric EcoStruxure Foxboro DCS, which can be exploited by an attacker to cause compromise of...
EUVD-2026-9898
OpenClaw versions 2026.1.29 prior to 2026.2.1 contain a vulnerability in the Twitch plugin (must be installed and enabled) in which it fails to enforce the allowFrom allowlist when allowedRoles is unset or empty, allowing unauthorized Twitch users to trigger agent dispatch. Remote attackers can...
CVE-2026-24112
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...
MiracleLinux 7 : rh-mariadb101-mariadb-10.1.19-6.el7 (AXSA:2016-1178:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1178:02 advisory. MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation...
CVE-2018-14441
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadActionfileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type...
CVE-2019-20776
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019)...
CVE-2026-22522 WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through <= 2.2.3...
CVE-2019-16181
In Limesurvey before 3.17.14, admin users can mark other users' notifications as read...
CVE-2019-12992
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6)...
PT-2026-26014
Name of the Vulnerable Software and Affected Versions: Citrix XenServer version 8.4. Description: The Intel EPT paging code includes an optimization that defers flushing of cached EPT state until the p2m lock is released. However, the freeing of paging structures is not deferred, potentially leading...
Linux Distros Unpatched Vulnerability : CVE-2025-14933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...
InnovaStudio WYSIWYG Editor Code Issue Vulnerability
InnovaStudio WYSIWYG Editor is a rich text editor from InnovaStudio, Inc. A code issue vulnerability exists in InnovaStudio WYSIWYG Editor version 5.4, which stems from a file upload restriction bypass that could lead to the upload of malicious files...
CVE-2025-64433 affecting package kubevirt for versions less than 1.5.3-2
CVE-2025-64433 affecting package kubevirt for versions less than 1.5.3-2. An upgraded version of the package is available that resolves this issue...
K000150667: BIG-IP SSL Orchestrator vulnerability CVE-2025-41430
Security Advisory Description: When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate (CVE-2025-41430). Impact: Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote, unauthenticated attacker to caus...