CVE-2026-3330 Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

CVE-2026-5807

Vault is vulnerable to a denial-of-service condition: an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot and preventing legitimate operators from completing these workflows. The issue is fixed in...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the login process. An attacker can obtain sensitive information about valid usernames by measuring response times and leveraging timing discrepancies. Remediation Upgrade github.com/enchant97/note-mark/backend/db to...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the login process. An attacker can obtain sensitive information about valid usernames by measuring response times and leveraging timing discrepancies. Remediation Upgrade github.com/enchant97/note-mark/backend/services...

CVE-2026-40263

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerat...

WAVLINK WL-WN530H4 安全漏洞

The WAVLINK WL-WN530H4 is a high-performance USB wireless network card from the WAVLINK company. It supports 802.11ac dual-band Wi-Fi. The Wavlink WL-WN530H4 version 20220721 has a security vulnerability. This vulnerability stems from the use of os command injection in the function strcat/snprint...

PT-2026-36795

Name of the Vulnerable Software and Affected Versions Totolink N300RH version 3.2.4-B20220812 Description A buffer overflow exists in the POST Request Handler component. This issue occurs when the mac address argument is manipulated within the setMacFilterRules function of the...

ROS-20260417-73-0021

Vulnerability in python-PyPDF2 related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260417-73-0022

Vulnerability in python-PyPDF2 related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2025-70795

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

CVE-2026-37749

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php...

PT-2026-33451

Name of the Vulnerable Software and Affected Versions PAC4J versions prior to 5.7.10 PAC4J versions prior to 6.4.1 Description Cross-Site Request Forgery CSRF occurs when a malicious attacker crafts a website that automatically submits a forged request using a token whose hash collides with the...

PT-2026-33455

Name of the Vulnerable Software and Affected Versions libvips versions prior to 8.19 Description A heap-based buffer overflow exists in the nip2 Handler component within the im minpos vec function of the file libvips/deprecated/vips7compat.c. This issue occurs when the argument n is manipulated,...

Linux Distros Unpatched Vulnerability : CVE-2026-33337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum...

SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1413-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1413-1 advisory. This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error...

ROS-20260417-73-0030

A vulnerability in the JOSE implementation of the Authlib library for OAuth and OpenID Connect servers is related to improper integrity value checking. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security mechanisms...

MiracleLinux 8 : bind-9.11.36-16.el8_10.7 (AXSA:2026-451:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-451:02 advisory. bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 Tenable has extracted the preceding description block directly from...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007615)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007615 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: cups (UTSA-2026-010665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010665 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a...

CVE-2026-40263

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerat...