CVE-2026-2128

The Breeze WordPress Cache plugin (versions up to 2.5.2) is vulnerable due to improper verification of the wordpress_logged_in_ cookie in inc/cache/execute-cache.php when Cache Logged-in Users is enabled. An unauthenticated attacker can present a crafted cookie (e.g., wordpress_logged_in_fake=adm...

SUSE CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

SUSE CVE-2026-46174

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in the op cache and cause instruction corruption this way...

SUSE CVE-2026-46238

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail-detect Detection toolkit for CVE-2026-31431 "Copy F...

PT-2026-45026

Impact DNSCache. async add inserted every response record into cache, expirations, expire heap, and service cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNS PTR MIN TTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a...

Linux Kernel - Local Privilege Escalation

Titles: Linux Kernel Local Privilege Escalation CVE-2026-43284 / CVE-2026-43500 / CVE-2026-46300 Author: nu11secur1ty Date: 2026-05-11 Vendor: Linux Kernel Software: Linux Kernel All major distributions Vulnerability Type: Page-Cache Write / Memory Corruption Status: HIGH / CRITICAL --- Descripti...

RHEL 8 : flatpak (RHSA-2026:21756)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21756 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from an error in the unsigned-to-signed conversion in the soupbodyinputstreamreadchunked function. This vulnerability could allow remote attackers to bypass security controls by sending...

AlmaLinux 9 : httpd (ALSA-2026:21391)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due ...

SUSE SLES12 Security Update : xen (SUSE-SU-2026:2066-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2066-1 advisory. This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. -...

WordPress plugin Breeze 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

RHEL 9 : flatpak (RHSA-2026:21755)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21755 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

Oracle Linux 8 : flatpak (ELSA-2026-21756)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21756 advisory. 1.12.9-4 - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165633 - Fix arbitrary file deletion on host via...

PT-2026-44747

Name of the Vulnerable Software and Affected Versions Breeze versions prior to 2.5.3 Description Improper verification of the wordpress logged in cookie in the inc/cache/execute-cache.php file occurs when the "Cache Logged-in Users" setting is enabled. The plugin uses the substr function to parse...

ImageMagick < 6.9.13-48 / 7.x < 7.1.2-23 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-47 or 7.x prior to 7.1.2-22. It is, therefore, affected by multiple vulnerabilities: — An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race...

RockyLinux 8 : flatpak (RLSA-2026:21756)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21756 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...

VulnCheck KEV: CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

Linux Distros Unpatched Vulnerability : CVE-2026-6324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a...

RHEL 10 : flatpak (RHSA-2026:21757)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21757 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...