Malicious Package
Overview: sap-activate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
SUSE CVE-2026-23233
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile. Xiaolong Guo reported a f2fs bug in bugzilla [1]. [1] https://bugzilla.kernel.org/show_bug.cgi?id=220951 Quoted: "When using stress-ng's swap stress test on F2FS filesystem...
CVE-2026-23233
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile. Xiaolong Guo reported a f2fs bug in bugzilla [1]. [1] https://bugzilla.kernel.org/show_bug.cgi?id=220951 Quoted: "When using stress-ng's swap stress test on F2FS filesystem...
PT-2026-20586
Name of the Vulnerable Software and Affected Versions NewsBlogger versions 0.2.5.6 through 0.2.6.1 Description The NewsBlogger WordPress theme is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the newsblogger install and activate plugin function. This allows...
CVE-2026-23111 netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate(). nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically...
CVE-2026-23111
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate(). nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically...
Oracle Database Server 9.2.0.5 SQL Injection
Oracle Database Server version 9.2.0.5 proof of concept remote SQL injection exploit that leverages SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION and makes use of an older vulnerability from 2005...
SAP ABAP Platform Security Vulnerability
SAP ABAP Platform is an ABAP-based SAP solution developed by the German company SAP. There is a security vulnerability in SAP ABAP Platform, which stems from the unauthorized activation of function modules that fail to perform necessary authorization checks on verified users. This vulnerability...
CVE-2025-71182
In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered. syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 even after commit 93a27b5891b8 "can: j1939: add missing...
CVE-2025-69564
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...
SUSE CVE-2026-22997
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts. Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only when the timer is enabled, we need to call...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004912)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004912 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate(). If alua_rtpg_queue() failed from...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001058)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001058 advisory. The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physicall...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002137)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002137 advisory. The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physicall...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993016)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993016 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate(). If alua_rtpg_queue() failed from...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992239)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992239 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate(). If alua_rtpg_queue() failed from...
CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-34335 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodesfiles/ActivateLicense.php. When a license file is uploaded, the application derives a new...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990524)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990524 advisory. In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff. When LSR is 0xff in ->activate() rather unlike,...