PT-2026-48595

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “comedi: runflags cannot determine whether to reclaim chanlist” The syzbot reported a memory leak 1. The commit 4e1da516debb “comedi: Add reference counting for Comedi command handling” did not account for the exceptional exit ca...

Astra Linux - уязвимость в ansible

A race condition flaw was discovered in Ansible Engine 2.7.17 and earlier versions, as well as 2.8.9 and earlier, and 2.9.6 and earlier. This issue occurs when running a playbook with an unprivileged “become user” command. When Ansible needs to execute a module with the “become user” command, a...

Linux Distros Unpatched Vulnerability : CVE-2026-31750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak ...

CVE-2026-31750

CVE-2026-31750 affects the Linux kernel comedi driver. The issue is a memory leak where chanlist was not freed in the exceptional exit path of do_cmd_ioctl because runflags may be unset; do_become_nonbusy() previously freed chanlist only when runflags were set. The fix adds a check in do_become_n...

PT-2026-36385

In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak 1, because commit 4e1da516debb "comedi: Add reference counting for Comedi command handling" did not consider the exceptional exit case in...

EUVD-2023-31198

Malicious code in bioql PyPI...

CVE-2025-8425 My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaximportstrings function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

Malicious code in post-five-become (npm)

The package post-five-become was found to contain malicious code...

MAL-2025-45577 Malicious code in post-five-become (npm)

The package post-five-become was found to contain malicious code...

CVE-2025-5931

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for...

CVE-2023-27422

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in NsThemes NS Coupon To Become Customer plugin = 1.2.2 versions...

DRUPAL-CONTRIB-2025-005

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

DRUPAL-CONTRIB-2025-002

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

Important: ansible

Issue Overview: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker cou...

CVE-2023-27422

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in NsThemes NS Coupon To Become Customer plugin = 1.2.2 versions...

CVE-2023-27422

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in NsThemes NS Coupon To Become Customer plugin = 1.2.2 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in NsThemes NS Coupon To Become Customer plugin = 1.2.2 versions...

WordPress plugin ns-coupon-to-become-customer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Users with bad collateralization ratio from either rebase/nonrebasevault can bypassliquidation

Lines of code Vulnerability details Impact users with an unsafe collateralization ratio who are supposed to be liquidated can manipulate the rigidRedemption feature to bypass the liquidation. From the code above its noted that being a rigidRedemption provider one can can put their collateral amou...