3465 matches found
CVE-2026-45873
CVE-2026-45873 concerns Linux kernel netfilter nft_set_rbtree. The issue arises from partial overlap detection for anonymous sets where adjacent intervals omit end elements, allowing overlaps such as A-B and A-C with C
Exploit for SQL Injection in Drupal
CVE-2026-9082 Passive checker for CVE-2026-9082 / SA-CORE-2...
PT-2026-43740
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter component within the nft set rbtree function. The partial overlap detection logic for anonymous sets incorrectly skips checks on start elements due to an...
Linux Distros Unpatched Vulnerability : CVE-2026-45873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the e...
CVE-2026-45873
netfilter: nftsetrbtree: check for partial overlaps in anonymous sets...
CVE-2026-41147
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...
OPENSUSE-SU-2026:20812-1 Security update for cups
This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...
Malicious code in @dreamlake/lakeshore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef6f14503697000ebd139364326d859a625a27a669e6f53b3e7a9388c3b0b25 On install, dist/cli/daemon/install.js fetches content from https://pub-c0109e197b4a4d1abe5884ac4dd3a023.r2.dev — an anonymous Cloudflare R2 bucket —...
Malicious code in loading-session (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996 Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts TypeScript types and documentation are pino's, but index.js doe...
MAL-2026-4600 Malicious code in loading-session (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996 Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts TypeScript types and documentation are pino's, but index.js doe...
CVE-2026-41147
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...
CVE-2026-41147
CVE-2026-41147 (NukeViet CMS) is a stored XSS issue affecting NukeViet CMS versions up to 4.5.08, caused by insufficient server-side input sanitization in the Request class. The app relies on client-side filtering for user-submitted HTML, which can be bypassed by altering HTTP requests. Attackers...
CVE-2026-41147 NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...
PT-2026-42729
Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.6 Description An issue exists in the easyel handle register function where the wp ajax nopriv eel register AJAX handler processes the custom meta POST array. The...
Exploit for CVE-2026-9082
CVE-2026-9082 — Drupal Core PostgreSQL SQL Injection PoC...
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 o...
[SECURITY] Fedora 43 Update: proftpd-1.3.9a-2.fc43
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
[SECURITY] Fedora 44 Update: proftpd-1.3.9a-2.fc44
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
DRUPAL-CORE-2026-004
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...
BIT-DISCOURSE-2026-32244 Discourse: Cached outdated summaries can leak removed content
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1,...