716 matches found
NewStart CGSL MAIN 6.06 (SP) : pam Multiple Vulnerabilities (NS-SA-2026-0005)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has pam packages installed that are affected by multiple vulnerabilities: - pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the...
CVE-2026-23235
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...
Does the UK really want to ban VPNs? And can it be done?
The idea of a "Great British Firewall" makes for a catchy headline, but it would be riddled with holes and cause huge problems. The Guardian reports that the GCHQ Government Communications Headquarters, a UK intelligence, security, and cyber agency, is exploring the idea of a British firewall...
PT-2026-22921
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes...
📄 WordPress Premium Age Verification Restriction 3.0.2 Shell Upload
A critical security vulnerability exists in the WordPress Age Restriction plugin version 3.0.2 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary PHP files and execute remote code via the remotetunnel.php endpoint. This leads to complete compromise of the WordPres...
Reddit, porn sites fined by UK regulators over children’s safety and privacy
The UK’s online safety and privacy regulators are targeting companies that violate new age verification laws at both ends : Porn sites that did not keep children out, and mainstream platforms that profited from children coming in. On February 23, media regulator Ofcom fined porn operators that...
Roblox gives predators “powerful tools” to target children, says LA County
Los Angeles County has sued online gaming company Roblox, adding to a series of suits that accuse the virtual worlds platform of misleading parents into thinking it's safe while leaving children exposed to predators and sexually explicit content. The February 19 filing makes LA County the first...
Age verification vendor Persona left frontend exposed, researchers say
Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short whil...
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: aactl, sftpgo, kyverno, mattermost, envoy-gateway, step, seaweedfs, nri-mysql, k3s, caddy, gitsign, flux-kustomize-controller, argo-workflows, trillian, chezmoi, cerbos, minio, jitsucom-bulker, grafana-alloy, kyverno-policy-reporter, temporal, age, dex,...
CVE-2026-2548 WAYOS FBM-220G rc sub_40F820 command injection
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...
CVE-2026-2548
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...
WAYOS FBM-220G 安全漏洞
WAYOS FBM-220G is a network behavior management router developed by the Chinese company Wayos. Version 24.10.19 of WAYOS FBM-220G contains a security vulnerability. This vulnerability stems from improper handling of parameters upnpwaniface/upnpssdpinterval/upnpmaxage in the sub40F820 function in...
Child exploitation, grooming, and social media addiction claims put Meta on trial
Meta is facing two trials over child safety allegations in California and New Mexico. The lawsuits are landmark cases, marking the first time that any such accusations have reached a jury. Although over 40 state attorneys general have filed suits about child safety issues with social media, none...
Discord will limit profiles to teen-appropriate mode until you verify your age
Discord announced it will put all existing and new profiles in teen-appropriate mode by default in early March. The teen-appropriate profile mode will remain in place until users prove they are adults. To change a profile to “full access” will require verification by Discord’s age inference model...
How safe are kids using social media? We did the groundwork
When researchers created an account for a child under 13 on Roblox, they expected heavy guardrails. Instead, they found that the platform’s search features still allowed kids to discover communities linked to fraud and other illicit activity. The discoveries spotlight the question that lawmakers...
CVE-2025-61634
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Age Gate vulnerability discovered by Phuoc Pham p3tl0v3r - VNPT Cyber Immunity in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...
Azure Linux 3.0 Security Update: kernel (CVE-2024-24857)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24857 advisory. - A race condition was found in the Linux kernel's net/bluetooth device driver in conninfomin,maxageset...
curl: Cookie Max-Age Integer Overflow Vulnerability
Summary: The cookie parsing code in lib/cookie.c contains an integer overflow vulnerability when processing the Max-Age attribute of HTTP cookies. The vulnerable code attempts to add the max-age value to the current timestamp without adequate overflow protection While the code includes an overflo...
CVE-2017-18589
An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic...