WordPress plugin Masteriyo LMS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Dell Integrated Dell Remote Access Controller Information Disclosure Vulnerability

Dell Integrated Dell Remote Access Controller is an embedded controller for remote management and monitoring of servers from Dell USA. An information disclosure vulnerability exists in Dell Integrated Dell Remote Access Controller. The vulnerability stems from the failure to clear debugging...

EVerest 安全漏洞

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained security vulnerabilities. These vulnerabilities were caused by stack buffer overflows during CAN interface initialization, which could lead to stack data...

Dell Integrated Dell Remote Access Controller Code Execution Vulnerability

Dell Integrated Dell Remote Access Controller is an embedded controller for remote management and monitoring of servers from Dell USA. A code execution vulnerability exists in Dell Integrated Dell Remote Access Controller. The vulnerability stems from the application failing to properly filter...

FUEL CMS 安全漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from the /controllers/Login.php component being vulnerable to SQL injection attacks...

PT-2026-28246

OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract...

CVE-2026-30463

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...

CVE-2026-30463

CVE-2026-30463 affects Daylight Studio FuelCMS v1.5.2. The vulnerability is a SQL injection in the /controllers/Login.php component. Root cause is an injectable parameter handling in that login controller. Remediation per PT-Security PT-2026-28400 is to update FuelCMS to a newer version; as a tem...

Rails 安全漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Vulnerabilities exist in versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from the lack of restrictions on the number ...

CVE-2026-30463

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...

PT-2026-28400

Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description FuelCMS version 1.5.2 contains a SQL injection issue through the /controllers/Login.php component. The vulnerability is located in the /controllers/Login.php component and allows for potential...

Kalcaddle Kodbox 代码问题漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Version 1.64 of kalcaddle Kodbox contains a code vulnerability. This vulnerability arises from an operation on the Add function in the file...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the proxy controller when processing HTTP requests containing a large number of byte ranges in the Range header. An attacker can cause excessive CPU usage by sending requests with...

EUVD-2026-15433

A vulnerability in the processing of Control and Provisioning of Wireless Access Points CAPWAP packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...

SUSE CVE-2026-23287

In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the specification: The PLIC signals it has completed executing an interrupt handler ...

SUSE CVE-2026-23357

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251xopen The mcp251xopen function call freeirq in its error path with the mpclock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...

SUSE CVE-2026-23360

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...

CVE-2026-23360

A flaw was found in the Linux kernel's Non-Volatile Memory Express NVMe subsystem. When an NVMe controller is reset, a previously allocated administration queue may not be properly released before a new one is created. This can lead to the old queue becoming orphaned, potentially causing resource...

CVE-2026-20086

A vulnerability in the processing of Control and Provisioning of Wireless Access Points CAPWAP packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...

CVE-2026-20086

Cisco IOS XE Wireless Controller Software (Catalyst CW9800 Family) is affected by a DoS vulnerability in CAPWAP packet processing. An unauthenticated, remote attacker can send a malformed CAPWAP packet to trigger an unexpected device reload, resulting in service disruption. Root cause: improper h...