Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the RPC Handler component. An attacker can gain unauthorized access to sensitive operations or data by sending crafted remote procedure calls without proper authorization checks. Remediation Upgrade...

WordPress Call for Price for WooCommerce plugin <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by AndyGuru - AndyGuru in WordPress Plugin Call for Price for WooCommerce versions = 4.2.0...

CVE-2026-37525

AGL app-framework-binder afb-daemon through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The onsupervisioncall function in src/afb-supervision.c explicitly nullifies the request credentials by calling afbcontextchangecred&xreq-context, NULL before...

PT-2026-36503

Name of the Vulnerable Software and Affected Versions AGL app-framework-binder afb-daemon versions prior to 19.90.1 Description A privilege escalation issue exists in the supervision Do command. The on supervision call function in src/afb-supervision.c nullifies request credentials by calling afb...

CVE-2026-7505 nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...

Exploit for CVE-2026-31431

Copy Fail CVE-2026-31431 - Comprehensive Writeup 1. Vuln...

Exploit for CVE-2026-31431

copyFail.py — CVE Exploit Analysis Report Summary copyFa...

apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.60 security and extras update

Red Hat OpenShift Container Platform release 4.16.60 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a security impact of...

Exploit for CVE-2026-31431

CVE-2026-31431 Copy Fail Detection Toolkit Detection and an...

CVE-2026-39457

When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...

EUVD-2026-26356

When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...

CVE-2026-39457

When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. An attacker who is able to force a libnv application to allocate large file...

Exploit for CVE-2026-31431

Copy-Fail CVE-2026-31431 Static Go PoC This repository contai...

Microsoft won&#8217;t patch PhantomRPC: Feature or bug?

A researcher has discovered a weakness called PhantomRPC that Microsoft does not consider a vulnerability it plans to patch. PhantomRPC involves Windows Remote Procedure Call RPC, the core of communication between Windows processes. The vulnerability lets a process with impersonation rights...

PT-2026-38907

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RxRPC subsystem of the Linux kernel involving the incorrect handling of fragmented packets and data copying mechanisms in socket buffers. Specifically, the...

FreeBSD-SA-26:13.exec

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:13.exec Security Advisory The FreeBSD Project Topic: Local privilege escalation via execve Category: core Module: execve2 Announced: 2026-04-29 Credits: Ryan...

Static Attribution of Android Residential Proxy Malware Using Graph Kernels

Android residential proxy applications represent a growing class of potentially-unwanted programs PUPs that covertly route third-party traffic through end-user devices, enabling ad fraud, credential abuse, and evasion of geolocation controls by sophisticated threat actors. Attributing an unknown...

Linux Distros Unpatched Vulnerability : CVE-2026-31653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/sysfs: dealloc repeatcallcontrol if damoncall fails damoncall for repeatcallcontrol of DAMONSYSFS could fail if somehow the kdamond is stopped before t...

SUSE CVE-2026-31652

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...