156 matches found
CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey
luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...
PT-2026-53683
Name of the Vulnerable Software and Affected Versions luci-proto-openvpn versions prior to 0.11.1 Description An authenticated LuCI user with OpenVPN protocol configuration access can execute arbitrary commands as root. This occurs because the generateKey ubus method interpolates the cl meta...
SUSE-SU-2026:2308-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. - CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed...
WordPress Contact List plugin <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'clmapiframe' Parameter vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin Contact List versions = 3.0.18...
PT-2026-26720
The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' cl map iframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The...
MAL-2026-1579 Malicious code in nf-cl-ls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a649ee3bcabdbceb5c56f4056dda77174867deaa1600f8a196792cc6c1356c The package nf-cl-ls was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in nf-cl-ls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a649ee3bcabdbceb5c56f4056dda77174867deaa1600f8a196792cc6c1356c The package nf-cl-ls was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1799 Malicious code in nf-cl-logger-test2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7f92e72b8e76efdc1d671f13821d881ac58ea36208cd948bad66d2650e63492 The package nf-cl-logger-test2 was found to contain malicious code...
Malicious code in nf-cl-logger-test2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7f92e72b8e76efdc1d671f13821d881ac58ea36208cd948bad66d2650e63492 The package nf-cl-logger-test2 was found to contain malicious code...
Malicious code in nf-cl-logger-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3215a4f0e3f4b33553d866c95c85ddbd61038f8cc37123818021c3307801abf0 The package nf-cl-logger-test was found to contain malicious code...
MAL-2026-1798 Malicious code in nf-cl-logger-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3215a4f0e3f4b33553d866c95c85ddbd61038f8cc37123818021c3307801abf0 The package nf-cl-logger-test was found to contain malicious code...
SUSE CVE-2026-23105
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...
CVE-2026-23105
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...
UBUNTU-CVE-2026-23105
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...
EUVD-2026-5436
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...
Malicious code in mbo-letters-cl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d367723532d1a3f90f88a1d23230230dafb47b5f26a68af29aafda36084f5417 The package mbo-letters-cl was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-611 Malicious code in mbo-letters-cl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d367723532d1a3f90f88a1d23230230dafb47b5f26a68af29aafda36084f5417 The package mbo-letters-cl was found to contain malicious code. Source: ossf-package-analysis...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003267)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003267 advisory. The vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002808)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002808 advisory. Integer overflow in the vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a...