PT-2026-36965

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

PT-2026-36954

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

CVE-2026-39103

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svgattributes.c, svgparsestrings, gfsvgparseattribute...

PT-2026-37061

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg attributes.c, svg parse strings, gf svg parse attribute...

RHEL 9 : python-tornado (RHSA-2026:13670)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:13670 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

PT-2026-36956

Name of the Vulnerable Software and Affected Versions Simple Owl Shortcodes versions prior to 2.1.2 Description The Simple Owl Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping of user-supplied...

Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:13670 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

PT-2026-37066

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the XFS file system where the xfs attri recover work function incorrectly calls irele after a failure in iget. Because xlog recovery iget functions do not set the @ip...

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

JLSEC-2026-435 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or...

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

CVE-2026-7735

A flaw was found in osrg GoBGP. A remote attacker can exploit this vulnerability by manipulating the PathAttributeAigp.DecodeFromBytes function, leading to a buffer overflow. This could result in a denial of service, information disclosure, or potentially arbitrary code execution...

CVE-2026-7735

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

EUVD-2026-26915

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

CVE-2026-7735 osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

CVE-2026-7735

The CVE concerns osrg GoBGP (up to 4.3.0) where the PathAttributeAigp.DecodeFromBytes function in pkg/packet/bgp/bgp.go handles the AIGP Attribute Parser. A manipulation can cause a buffer overflow, enabling remote initiation of an attack. This entry specifies that upgrading to version 4.4.0 addr...

GoBGP 安全漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions of GoBGP prior to 4.3.0 contained security vulnerabilities. These vulnerabilities stemmed from a function in the SRv6 L3 Service component called pkg/packet/bgp/prefixsid.go. The function...

GoBGP 缓冲区错误漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions of GoBGP prior to 4.3.0 contained a buffer error vulnerability. This vulnerability stems from a buffer overflow in the function PathAttributeAigp.DecodeFromBytes within the AIGP Attribute Parser...

PT-2026-36764

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A buffer overflow can be triggered remotely within the AIGP Attribute Parser component. The issue exists in the PathAttributeAigp.DecodeFromBytes function located in the pkg/packet/bgp/bgp.go file...

RHCOS 4 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4459 advisory. - golang: net/http, net/textproto: denial of service from excessive memory allocation CVE-2023-24534 - golang: html/template: improp...