CVE-2026-23211 mm, swap: restore swap_space attr aviod kernel panic

In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swapspace attr aviod kernel panic commit 8b47299a411a "mm, swap: mark swap address space ro and add context debug check" made the swap address space read-only. It may lead to kernel panic if archpreparetoswap...

CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVE-2026-1807 InteractiveCalculator for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

WordPress InteractiveCalculator for WordPress plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin InteractiveCalculator for WordPress versions = 1.0.3...

PT-2026-20473

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11 Splunk Cloud Platform versions prior to 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120 Description A user with access to the Splunk internal index within a...

MajorDoMo 跨站脚本漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. MajorDoMo has a cross-site scripting vulnerability. This vulnerability stems from the fact that attribute values provided by users through the /objects/?op=set endpoint are stored without properly...

SUSE-SU-2026:20493-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-13601: Fixed integer overflow in in gescapeuristring bsc1254297. - CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption bsc1254662. - CVE-2025-14512: Fixed integer Overflow in GLib GIO Attribute Escaping...

📄 Python 3 Minidom Denial of Service

This proof of concept demonstrates an algorithmic denial of service condition caused by parsing an XML document containing an extremely large number of attributes using Python's xml.dom.minidom library. Due to inefficient attribute handling with quadratic time complexity, the XML parser may consu...

Linux Distros Unpatched Vulnerability : CVE-2026-23131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS...

CVE-2026-1903

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2026-23144

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. As a result, DAMON...

CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

UBUNTU-CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

CVE-2026-23131 platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

EUVD-2026-5906

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

CVE-2026-23131

CVE-2026-23131 : In the Linux kernel, hp-bioscfg registers kobjects for attributes read from WMI. If the HP BIOS returns attributes with empty names, the registration can trigger kobject warnings and parsing may fail. The fix adds validation in hp_init_bios_buffer_attribute() to skip registration...

CVE-2026-23131 platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...