Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper order of IRQ requests and the allocation of the powersupply handle in the power...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the unconditional success of the spintrylock operation when calling kmallocnolock within the NMI contex...

EUVD-2026-31204

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibiting potential out-of-bounds accesses The fbdev test in IGT may write after EOF, leading to out-of-bound accesses for DRM drivers that use fbdev-generic. For example, running the fbdev test on an...

PT-2026-39301

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.4.1 Description An open redirect issue in Snipe-IT allows attackers to redirect users to malicious websites. This occurs because the application uses an unvalidated HTTP Referer header stored in a session variable...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fixed out-of-bounds access issues. The memory range was clipped to the size of the screen buffer to prevent out-of-bounds access during the damage handling in fbdev’ deferred I/O operations. fbdev’ deferred I/O can...

Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly

VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide...

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

CVE-2026-35338

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect return value of the lookupextentdataref function in btrfs, potentially causing damag...

X.Org X Server 安全漏洞

X.Org X Server is an X Window system display server developed by the X.Org Foundation. There are security vulnerabilities in X.Org X Server, which stem from the reutilization of freed resources in the XSYNC fence trigger logic. Attackers could exploit these vulnerabilities to cause server crashes...

EUVD-2026-24963

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

GHSA-9GQX-53GP-C8G3 uutils coreutils allows users to bypass the --preserve-root safety mechanism

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

CVE-2026-35338 uutils coreutils chmod Path Traversal Bypass of --preserve-root

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

ONE 输入验证错误漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows during the calculation of the copy size for output tensors,...

PowerDNS Authoritative Server 输入验证错误漏洞

The PowerDNS Authoritative Server is a DNS server developed by the Dutch company PowerDNS. There is a vulnerability in input validation of the PowerDNS Authoritative Server. This vulnerability arises from operations conducted by administrators who are allowed to use the REST API. Such actions may...

Bit-Flip Vulnerability of Shared KV-Cache Blocks in LLM Serving Systems

Rowhammer on GPU DRAM has enabled adversarial bit flips in model weights; shared KV-cache blocks in LLM serving systems present an analogous but previously unexamined target. In vLLM's Prefix Caching, these blocks exist as a single physical copy without integrity protection. Using software fault...

Improper Control of a Resource Through its Lifetime

Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Improper Control of a Resource Through its Lifetime in the process handling entity state transitions. An attack...