Exploit for Race Condition in Canonical Ubuntu_Linux

Privilege Escalation using the Dirty Cow Kernel Exploit By...

CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

CVE-2026-22216 wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

PT-2026-25386

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by...

PT-2026-25342

🚨 CVE-2025-12453 Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : python-cryptography vulnerability (USN-8087-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8087-1 advisory. It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to...

Linux Distros Unpatched Vulnerability : CVE-2026-4015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/loadtext.c of the component TeXML File...

Moderate: Red Hat Security Advisory: vsftpd security update

An update for vsftpd is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVE-2026-32612 Statamic: privilege escalation via stored cross-site scripting

Statamic is a Laravel and Git powered content management system CMS. Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...

CVE-2026-32612

Statamic is a Laravel and Git powered content management system CMS. Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...

CVE-2026-3909

CVE-2026-3909 is a Google Chrome/Skia vulnerability: an out-of-bounds write in Skia could allow a remote attacker to trigger out-of-bounds memory access via a crafted HTML page. Affects Chrome before 146.0.7680.75; exploits are known to exist in the wild. Chrome/Chromium advisories note that fixe...

EUVD-2026-11611

TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS...

ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS

Summary Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS. Operating system, version and so on Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara Tested ImageMagick version 6.9.11-60, 7.1.0-62 Details A specially created SV...

GHSA-J96M-MJP6-99XR ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS

Summary Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS. Operating system, version and so on Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara Tested ImageMagick version 6.9.11-60, 7.1.0-62 Details A specially created SV...

EUVD-2019-19825

202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send crafted requests with malicious SQL statements in the loguser field to extract sensitive database...

EUVD-2026-11619

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...

CVE-2026-32231 ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields sender, chatid from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled authtoken: None, an...

vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...