CVE-2026-42437 OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

CVE-2023-54345 Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

linux-copy-fail-exploit

CVE-2026-31431 Copy Fail - LPE Exploit PoC !Pythonhttps:...

CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

CVE-2026-6696

CVE-2026-6696 concerns the Zingaya Click-to-Call plugin for WordPress. The connected documents confirm a Reflected Cross-Site Scripting vulnerability on the plugin’s sign-up admin page, affecting all versions up to and including 1.0. The root cause is insufficient input sanitization and output es...

CVE-2026-31196

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

WordPress plugin Zingaya Click-to-Call 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2026-31195

The CVE-2026-31195 issue affects ALTICE LABS / SFR France GR140DG/GR140IG fibre CPE/Router/Gateway. The ping diagnostic handler at /bin/httpd_clientside inserts unsanitized user input into a system() call, enabling authenticated remote attackers to execute arbitrary commands as root via crafted d...

CVE-2026-6447

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-4650

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...

PT-2026-36844

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when another driver calls an IOCTL Input/Output Control, which is a device driver communication mechanism, using an invalid input or...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in checkfunccall kmemleak reports this issue: unreferenced object 0xffff88817139d000 size 2048: comm "testprogs", pid 33246, jiffies 4307381979 age 45851.820s hex dump first 32 bytes: 01 00 00 00 00 00 00 00...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handles PLTs. Sometimes it is necessary to use a PLT entry to call a ftrace trampoline. This is handled by ftracemakecall and ftracemakenop, both of which have almost identical logic. However, this iss...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: vsock: Fixed the transport TOCTOU issue. The transport assignment may race with module unloading. This issue is addressed by protecting newtransport from becoming a stale pointer. This also includes fixing an insecure call in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue The drainworkqueue function cannot be called safely in a spinlocked context due to possible task rescheduling. In a multi-task scenario, calling queuework while...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nfsd: calls oprelease, even when opfunc returns an error. For operations with “trivial” replies, nfsd4encodeoperation will shortcut most of the encoding process and simply perform marshaling of the status. One of the things it...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: SUNRPC: Fixed a server shutdown leak A race condition was addressed where kthreadstop might prevent threadfn from being called at all. If this occurs, the svcrqst will not be cleaned up properly...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak why Resource release is needed on the error handling path to prevent memory leak. how Fix this by adding kfree on the error handling path...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: ARM: davinci: da850evm: Avoid NULL pointer dereferencing In newer versions of GCC, a panic occurs in da850evmconfigemac when booting multiv5defconfig in QEMU under the palmetto-bmc machine. The issue arises from attempting to...