WordPress Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin <= 1.8.10.4 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by Abi Wiranata in WordPress Plugin Charitable versions = 1.8.10.4...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stacktop for tasks without ABI or vDSO Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL ABI pointer...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012963)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012963 advisory. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in transstatshow Fix buffer overflow in transstatshow. Convert...

OPENSUSE-SU-2026:20572-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-39998: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow bsc1252073. - CVE-2025-40253: s390/ctcm: Fix double-kfree bsc1255084. -...

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +252 more potentially affected by CVE-2026-25219 via apache-airflow (>=1.10.1 <=3.1.7rc2)

apache-airflow PYPI version =1.10.1, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.5.1, =1.5.0 and more Source cves: CVE-2026-25219 Source advisory: OSV:GHSA-4G48-54Q2-FG7Q...

Malicious code in @abi-labs-frontend/standards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a60eba79d2fd49b58fb2a2073d2b7c87f66c1ad781bc1a6137962f9b5e772449 The package @abi-labs-frontend/standards was found to contain malicious code...

MAL-2026-2329 Malicious code in @abi-labs-frontend/standards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a60eba79d2fd49b58fb2a2073d2b7c87f66c1ad781bc1a6137962f9b5e772449 The package @abi-labs-frontend/standards was found to contain malicious code...

Abi-smuggling-exploit

Web3 Security Research Portfolio A collection of smart contra...

a-api-server (=1.3.0), a2 (>=0.1.0 <=0.3.17) +3857 more potentially affected by CVE-2026-27205 via flask (>=0.10.1 <=3.1.2)

flask PYPI version =0.10.1, =0.1.0, =0.10.0, =1.0.2, =1.0.0, =1.0.5, =1.8.8, =1.0.2, =0.3.1, =0.8.44.4, =1.3.1.post1 and more Source cves: CVE-2026-27205 Source advisory: OSV:GHSA-68RP-WP8R-4726...

PyO3 has type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature

PyO3 0.28.1 added support for pyclassextends=PyList struct NativeSub and other native types when targeting Python 3.12 and up with the abi3 feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of NativeSub contained within...

GHSA-47QC-857F-7W7F PyO3 has type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature

PyO3 0.28.1 added support for pyclassextends=PyList struct NativeSub and other native types when targeting Python 3.12 and up with the abi3 feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of NativeSub contained within...

MiracleLinux 9 : bind-dyndb-ldap-11.9-9.el9.ML.1, bind-9.16.23-18.el9.1 (AXSA:2024-7866:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7866:02 advisory. bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868 bind: KeyTrap - Extreme CPU consumption in DNSSEC validator...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47557: net/sched: schets: do not peek at classes beyond 'nbands' bsc1207361 bsc1225468. CVE-2021-47595: net/sched: schets: do not remove idle classes from the...

CVE-2025-71129

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by adding a new...

CVE-2025-71129

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by adding a new...

CVE-2025-71129 LoongArch: BPF: Sign extend kfunc call arguments

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by adding a new...

CVE-2025-71129

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by adding a new...

CVE-2025-71129

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by adding a new...

CVE-2025-71129 LoongArch: BPF: Sign extend kfunc call arguments

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by adding a new...

Linux Distros Unpatched Vulnerability : CVE-2025-71129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments...