CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

PT-2026-43441

Name of the Vulnerable Software and Affected Versions netty incubator codec.bhttp versions prior to 0.0.21.Final Description The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...

SUSE CVE-2026-8545

Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

PT-2026-39577

Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...

CVE-2024-43384

The CVE-2024-43384 entry concerns Phoenix Contact MGUARD products. Affected component: the devices’ handling/storage/transfer of sensitive data. Root cause: improper removal of sensitive information before storage or transfer, enabling exposure of the root password. Impact: a low-privileged remot...

EUVD-2024-33399

The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

SUSE CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

Admidio has Missing CSRF Protections on Custom List Deletion in mylist_function.php

Reported by: Juan Felipe Oz @JF0x0r LinkedIn Summary The delete mode handler in mylistfunction.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently destroy that user's list configurations —...

CVE-2026-4278

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...

CVE-2026-32290

The CVE-2026-32290 affects the GL-iNet Comet (GL-RM1) KVM. It describes insufficient verification of uploaded firmware, enabling an attacker-in-the-middle or a compromised update server to modify the firmware and the corresponding MD5 hash to pass verification. The document notes local attack vec...

CVE-2025-13718

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...

ROS-20260304-73-0026

A vulnerability in the v4l2rectmapinside function of the Linux kernel is related to memory reads outside of the allocated buffer. Exploitation of the vulnerability may allow an attacker acting remotely to affect the confidentiality of protected information...

Ubuntu: Security Advisory (USN-8059-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

CVE-2025-12679

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption PBE key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered duri...

EUVD-2025-206535

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality...

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to expose sensitive technical details, leading to information disclosure or assisting in further attacks...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001613 advisory. The cdromioctlmediachanged function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM...

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-004377)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004377 advisory. The brcm80211 component in the Linux kernel through 6.5.10 has a brcmfcfg80211detach use-after-free in the device unplugging disconnect the USB by hotplug code. For...

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.40-1.13.12.6.AXS4 (AXSA:2016-642:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-642:04 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-3458 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and...