base-flow (=1.0.6), cmp-graph (>=0.0.1 <=0.0.5) +11 more potentially affected by unknown CVE via @antv/g6-editor (>=1.0.8 <=1.2.0)

@antv/g6-editor NPM version =1.0.8, =0.0.1, =1.0.13, =1.0.0, =0.1.0, =1.0.0, =0.0.1, =0.1.0, =0.0.2, =0.2.5, =0.2.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3986...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013082)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013082 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller...

CVE-2026-6518

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...

CVE-2026-6518 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

Malicious code in paramount-cmp-html5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f49d119208d4541e1b4c557d446b21a7573c4649d3e8ab1116ff29d0c66b2da9 The package paramount-cmp-html5 was found to contain malicious code...

MAL-2026-1807 Malicious code in paramount-cmp-html5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f49d119208d4541e1b4c557d446b21a7573c4649d3e8ab1116ff29d0c66b2da9 The package paramount-cmp-html5 was found to contain malicious code...

AZL-76389 CVE-2025-63656 affecting package fluent-bit 3.0.6-6

An out-of-bounds read in the headercmp function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

MiracleLinux 8 : kernel-4.18.0-553.82.1.el8_10 (AXSA:2025-11082:86)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11082:86 advisory. kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets...

CVE-2025-1666

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...

Use-after-realloc vulnerablity in mruby 3.4.0

A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sortcmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is...

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...

CVE-2025-62920 WordPress USERCENTRICS CMP plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS.This issue affects USERCENTRICS CMP: from n/a through = 1.0.9...

CVE-2025-62920 WordPress USERCENTRICS CMP plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS.This issue affects USERCENTRICS CMP: from n/a through = 1.0.9...