
13812 matches found

CNNVD
added 2026/01/07 12:0 a.m., 2 views

rustfs security vulnerability

rustfs is a high-performance object storage system from the RustFS open-source project. A security vulnerability exists in rustfs versions 1.0.0-alpha.13 through 1.0.0-alpha.77. It stems from a deserialization failure when processing a malformed gRPC GetMetrics request, which could lead to a remote...

CVSS 6.9, AI score 6.5, EPSS 0.00675
Exploits 1, References 2

Tenable Nessus
added 2026/01/07 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000458)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000458 advisory. A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and...

CVSS 5.5, AI score 6.4, EPSS 0.00703
Exploits 1, References 3

Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1572

Name of the Vulnerable Software and Affected Versions: Bit Form – Contact Form Plugin versions prior to 2.21.7. Description: The Bit Form – Contact Form Plugin for WordPress has a flaw allowing unauthorized workflow execution. The triggerWorkFlow function lacks proper authorization, specifically in...

CVSS 6.5, AI score 6.7, EPSS 0.0029
Exploits 0, References 6

CNNVD
added 2026/01/07 12:0 a.m., 3 views

Cisco Secure Firewall Threat Defense and Cisco UTD SNORT IPS Engine Software information disclosure vulnerability

Cisco Secure Firewall Threat Defense and Cisco UTD SNORT IPS Engine Software are both products of Cisco, Inc. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco UTD SNORT IPS Engine Software is an intrusion detection and defense engine. An information disclosure...

CVSS 5.3, AI score 6.4, EPSS 0.00041
Exploits 0, References 2

Positive Technologies
added 2026/01/07 12:0 a.m., 8 views

PT-2026-1584

Name of the Vulnerable Software and Affected Versions: User Activity Log plugin versions prior to and including 2.2. Description: The User Activity Log plugin has an issue where the failed-login handler ual_shook_wp_login_failed does not perform a capability check. This allows unauthenticated...

CVSS 7.5, AI score 6.5, EPSS 0.00035
Exploits 1, References 7

Cvelist
added 2026/01/06 10:48 p.m., 26 views

CVE-2025-47332 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory corruption while processing a config call from userspace...

CVSS 6.7, EPSS 0.00009
Exploits 0, References 1

RedhatCVE
added 2026/01/06 6:7 a.m., 7 views

CVE-2025-14124

The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 8.6, AI score 7.5, EPSS 0.07355
Exploits 1, References 1

Positive Technologies
added 2026/01/06 12:0 a.m., 3 views

PT-2026-1527

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-47332. Description: A memory corruption issue exists when processing a configuration call originating from userspace. Recommendations: At the moment, there is no information about a newer version that contains a fix for thi...

CVSS 6.7, AI score 6.5, EPSS 0.00009
Exploits 0, References 4

OSV
added 2026/01/05 9:32 a.m., 3 views

CVE-2025-68754 rtc: amlogic-a4: fix double free caused by devm

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm. The clock obtained via devm_clk_get_enabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare in error path and...

AI score 6.5, EPSS 0.00026
Exploits 0, References 6

Positive Technologies
added 2026/01/05 12:0 a.m., 4 views

PT-2026-1324

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos 1380, Samsung Mobile Processor Exynos 1480, Samsung Mobile Processor Exynos 2400, Samsung Mobile Processor Exynos 1580. Description: An improper handling of the NL80211 vendor command results in a buffer overflow whe...

CVSS 8.4, AI score 7.5, EPSS 0.00014
Exploits 0, References 7

GithubExploit
added 2026/01/04 11:22 a.m., 143 views

Exploit for Function Call With Incorrectly Specified Argument Value in Splunk

No d...

CVSS 8.8, AI score 6.7, EPSS 0.47759
Exploits 6

RedhatCVE
added 2026/01/02 9:38 p.m., 5 views

CVE-2025-15413

A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project ha...

CVSS 7.8, AI score 5, EPSS 0.00035
Exploits 1, References 1

NVD
added 2026/01/01 9:15 p.m., 3 views

CVE-2025-15413

A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project ha...

CVSS 7.8, EPSS 0.00035
Exploits 1, References 7

EUVD
added 2026/01/01 9:2 p.m., 3 views

EUVD-2026-0004

A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has ...

CVSS 5.3, AI score 5.3, EPSS 0.00035
Exploits 1, References 7

Cvelist
added 2026/01/01 9:2 p.m., 21 views

CVE-2025-15413 wasm3 m3_exec.h op_CallIndirect memory corruption

A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project ha...

CVSS 5.3, EPSS 0.00035
Exploits 1, References 7

RedhatCVE
added 2026/01/01 11:29 a.m., 5 views

CVE-2025-68926

RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...

CVSS 9.8, AI score 7.1, EPSS 0.0771
Exploits 3, References 1

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-27715

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel’s drm/xe/queue functionality where a missing finalization call during queue initialization can lead to invalid memory references. Specifically, if queue...

AI score 5.9, EPSS 0.00019
Exploits 0, References 7

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-20428

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel’s SCSI target iSCSI implementation within the iscsit_dec_conn_usage_count function. The function calls complete() while holding the conn->conn_usage_lock...

CVSS 7.8, AI score 6, EPSS 0.00018
Exploits 0

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-20429

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A deadlock situation can occur in the Linux kernel related to tracing and System Call Interface SBI Extended Call ECALL functionality on RISC-V systems. Specifically, if functions within...

CVSS 5.5, AI score 6.1, EPSS 0.00015
Exploits 0, References 20

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-27654

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel related to IB/mthca, specifically concerning a missing call to mthca_unmap_user_db within the mthca_create_srq function. This can lead to a...

CVSS 5.5, AI score 5.5, EPSS 0.00037
Exploits 0, References 23