OpenTelemetry .NET security vulnerability
OpenTelemetry .NET is the .NET client of OpenTelemetry by OpenTelemetry Inc. There were security vulnerabilities in the version of OpenTelemetry .NET from 1.13.1 to 1.15.2. These vulnerabilities stemmed from the gRPC exporter’s ability to parse the grpc-status-details-bin trailer provided by the...
CVE-2026-31507
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SMC module. A local user can exploit this vulnerability by using the tee2 system call to duplicate a splice pipe buffer, leading to a double-free condition. This double-free can result in a use-after-free error and a kern...
GHSA-F2JV-WJJC-2C94 uutils coreutils has an Uncaught Exception When Encountering Valid but Non-UTF-8 Paths
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...
CVE-2026-31457 mm/damon/sysfs: check contexts->nr in repeat_call_fn
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn. damon_sysfs_repeat_call_fn calls damon_sysfs_upd_tuned_intervals, damon_sysfs_upd_schemes_stats, and damon_sysfs_upd_schemes_effective_quotas without checking contexts->nr. If nr_contexts is set to ...
USN-8197-1 slurm-llnl vulnerability
It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket on the host. An attacker could possibly use this issue to execute arbitrary code as the root use...
EUVD-2026-24652
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_cta_box' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'cta_box_button_link',...
EUVD-2026-24660
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...
CVE-2026-4118
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...
CVE-2026-4118
The CVE-2026-4118 entry concerns the WordPress Call To Action Plugin (versions update(). This enables unauthenticated attackers to modify configuration fields (e.g., title, content, link URL, image URL, colors) by forging requests, provided a site administrator is induced to perform an action suc...
CVE-2026-4118 Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...
CVE-2026-4088
Summary: The WordPress Switch CTA Box plugin (versions up to 1.1) is vulnerable to Stored Cross-Site Scripting via the wppw_cta_box shortcode due to insufficient sanitization/output escaping of post meta values (cta_box_button_link, cta_box_button_id, cta_box_button_text, cta_box_description). Th...
WordPress plugin Call To Action Plugin cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of boundary checks in the system call dispatch table. This vulnerability may allow for...
PT-2026-34362
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn. damon_sysfs_repeat_call_fn calls damon_sysfs_upd_tuned_intervals, damon_sysfs_upd_schemes_stats, and damon_sysfs_upd_schemes_effective_quotas without checking contexts->nr. If nr...
PT-2026-34430
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The BPF interpreter contains undefined behavior in its signed 32-bit division and modulo handlers. This occurs because the abs macro is used on s32 operands; when the input is the type...
Linux Distros Unpatched Vulnerability : CVE-2026-31525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN. The BPF interpreter's signed 32-bit division and modulo handlers use the kernel abs macro on s32...
PT-2026-34616
Name of the Vulnerable Software and Affected Versions @xmldom/xmldom versions prior to 0.8.13 @xmldom/xmldom versions prior to 0.9.10 xmldom versions 0.6.0 and earlier Description Seven recursive traversals in lib/dom.js operate without a depth limit. When processing a sufficiently deeply nested...
CVE-2026-41126 BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL"
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...
Brillig: Heap corruption in foreign call results with nested tuple arrays
Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compileblock. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...