
57112 matches found

OSV
added 2026/04/17 9:6 a.m. | 7 views

USN-8183-1 linux-gcp, linux-gcp-6.17 vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 7.8 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 139

Ubuntu
added 2026/04/17 9:6 a.m. | 12 views

USN-8183-1: Linux kernel (GCP) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 7.8 | AI score 5.8 | EPSS 0.00191
Exploits: 0

OSV
added 2026/04/17 8:33 a.m. | 6 views

USN-8177-1 linux, linux-realtime vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 7.8 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 140

Ubuntu
added 2026/04/17 8:33 a.m. | 5 views

USN-8177-1: Linux kernel vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 7.8 | AI score 5.8 | EPSS 0.00191
Exploits: 0

EUVD
added 2026/04/17 6:31 a.m. | 3 views

EUVD-2026-23358

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubiorestpreinsertimportassets function, which is hooked to the restpreinsertposttype filter for posts, pages, templates, and template...

CVSS 5.3 | AI score 5.7 | EPSS 0.00536
Exploits: 0 | References: 9

Snyk
added 2026/04/17 6:31 a.m. | 5 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the kvv2 process. An attacker can cause unauthorized deletion of secrets by exploiting policy configurations containing a glob pattern, which may result in service disruption...

CVSS 8.1 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 2

NVD
added 2026/04/17 5:16 a.m. | 4 views

CVE-2026-5427

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubiorestpreinsertimportassets function, which is hooked to the restpreinsertposttype filter for posts, pages, templates, and template...

CVSS 5.3 | EPSS 0.00536
Exploits: 0 | References: 8

CVE
added 2026/04/17 3:36 a.m. | 6 views

CVE-2026-5427

CVE-2026-5427 concerns the Kubio AI Page Builder WordPress plugin (

CVSS 5.3 | AI score 5.7 | EPSS 0.00536
Exploits: 0 | References: 8

Cvelist
added 2026/04/17 3:36 a.m. | 30 views

CVE-2026-5427 Kubio AI Page Builder <= 2.7.2 - Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubiorestpreinsertimportassets function, which is hooked to the restpreinsertposttype filter for posts, pages, templates, and template...

CVSS 5.3 | EPSS 0.00536
Exploits: 0 | References: 8

CVE
added 2026/04/17 1:24 a.m. | 14 views

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education is affected by CVE-2026-4817 (versions up to 3.7.25). A time-based blind SQL injection exists in the /lms/stm-lms/order/items REST API endpoint via the order/orderby parameters due to insufficient input sanitization and a desig...

CVSS 6.5 | AI score 6 | EPSS 0.00462
Exploits: 0 | References: 12

Tenable Nessus
added 2026/04/17 12:0 a.m. | 1 views

SUSE SLES12 Security Update : python-urllib3 (SUSE-SU-2026:1412-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1412-1 advisory. Security issues: - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866. -...

CVSS 8.9 | AI score 5.9 | EPSS 0.00533
Exploits: 0 | References: 11

CNNVD
added 2026/04/17 12:0 a.m. | 6 views

Kimai security vulnerability

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developer. Versions of Kimai 2.52.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks on the isEnabled flag in the user preference settings API endpoint,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00267
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/17 12:0 a.m. | 2 views

PT-2026-33404

The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio rest pre insert import assets function, which is hooked to the rest pre insert post type filter for posts, pages, templates, and...

CVSS 5.3 | AI score 5.7 | EPSS 0.00536
Exploits: 0 | References: 9

Positive Technologies
added 2026/04/17 12:0 a.m. | 9 views

PT-2026-33517

Name of the Vulnerable Software and Affected Versions HomeBox versions prior to 0.25.0 Description An issue exists where the defaultGroup ID remains permanently assigned to a user after their access to a group is revoked. Although the web interface enforces this revocation, the API does not...

CVSS 8.1 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 5

CNNVD
added 2026/04/17 12:0 a.m. | 7 views

OpenViking security vulnerability

OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Previous versions of OpenViking had security vulnerabilities. These vulnerabilities stemmed from a flaw in the HTTP routing mechanism of the VikingBot OpenAPI, which allowed authentication...

CVSS 9.1 | AI score 5.8 | EPSS 0.00571
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/17 12:0 a.m. | 2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ESAPI vulnerabilities (USN-8181-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8181-1 advisory. Jaroslav Lobaevski discovered that ESAPI incorrectly validated directory paths during path verification. ...

CVSS 9.8 | AI score 5.8 | EPSS 0.02674
Exploits: 4 | References: 4

Fedora
added 2026/04/16 11:42 p.m. | 6 views

[SECURITY] Fedora 44 Update: kwayland-6.6.4-1.fc44

Qt-style API to interact with the wayland-client API...

AI score 5.8
Exploits: 0

Fedora
added 2026/04/16 11:42 p.m. | 6 views

[SECURITY] Fedora 44 Update: kf6-attica-6.25.0-1.fc44

Attica is a Qt library that implements the Open Collaboration Services API version 1.4...

AI score 5.8
Exploits: 0

Fedora
added 2026/04/16 11:42 p.m. | 4 views

[SECURITY] Fedora 44 Update: kf6-kapidox-6.25.0-1.fc44

Scripts and data for building API documentation dox in a standard format and style...

AI score 5.8
Exploits: 0

Cvelist
added 2026/04/16 10:54 p.m. | 19 views

CVE-2026-40318 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...

CVSS 8.5 | EPSS 0.00287
Exploits: 0 | References: 2