CVE-2026-1920

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...

CVE-2026-26741

PX4 Autopilot versions 1.12.x–1.15.x contain a logic flaw in the mode switching mechanism: when transitioning from Auto to Manual while ARMED (after landing and before automatic disarm via COM_DISARM_LAND), there is no throttle-threshold safety check for the physical throttle stick. The issue cou...

PT-2026-24476

Name of the Vulnerable Software and Affected Versions Sylius versions prior to 2.0.16 Sylius versions prior to 2.1.12 Sylius versions prior to 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains a cross-site scripting XSS issue in the shop checkout login form. The...

PT-2026-24175

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension Controller::update item permissions check' function in all versions up to, and including, 1.0.16. Thi...

WordPress plugin Booking Calendar for Appointments and Service Businesses – Booktics 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

Resource Injection

Overview Affected versions of this package are vulnerable to Resource Injection via the buildProxyPass function. An attacker can execute arbitrary code and access sensitive information by injecting malicious configuration into the nginx controller process. Remediation Upgrade...

Resource Injection

Overview Affected versions of this package are vulnerable to Resource Injection via the buildProxyPass function. An attacker can execute arbitrary code and access sensitive information by injecting malicious configuration into the nginx controller process. Remediation Upgrade...

CVE-2026-29773 kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden promises is that configured users can deploy namespaced policies in a safe manner,...

EUVD-2026-10360

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

CVE-2026-3288

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

CVE-2026-3288

Summary: CVE-2026-3288 concerns ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target annotation can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible to the controller. The default installation can...

CVE-2026-3733

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

Security Bulletin: ELM on Hybrid Cloud vulnerabilities addressed in 1.3.0

Summary This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. One of...

kernel: Fix of 10 CVEs

ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer CVE-2023-53395 - net: ppp: Add bound checking for skb data on pppsynctxmung CVE-2025-37749 - ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS CVE-2022-50315 - ext2: Check block size validity during mount CVE-2023-53569 - gfs2: Fix possible data races...

kernel: net: af_can: do not leave a dangling sk pointer in can_create()

In the Linux kernel, the following vulnerability has been resolved: net: afcan: do not leave a dangling sk pointer in cancreate On error cancreate frees the allocated sk object, but sockinitdata has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock...

CLSA-2026-1773048865 kernel: Fix of 53 CVEs

xhci: Remove device endpoints from bandwidth list when freeing the device CVE-2022-50470 - HID: multitouch: Add NULL check in mtinputconfigured CVE-2024-58020 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - fs: writeback: fix use-after-free in markinodedirty...

CVE-2026-3800

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-3800 SourceCodester/janobe Resort Reservation System controller.php doInsert unrestricted upload

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-3800

SourceCodester/janobe Resort Reservation System 1.0 is affected by CVE-2026-3800. The vulnerability lies in the doInsert function of /controller.php?action=add, where manipulation of the image argument enables unrestricted file upload. This could allow remote attackers to upload arbitrary files. ...

PT-2026-24119

Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.13.7 and 1.14.3 Description A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be exploited to inject configuration into nginx. This can result...