1032 matches found
CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
CVE-2026-0632
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
SUSE CVE-2026-23092
In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source. When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null...
CVE-2026-23092
In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source. When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null...
CVE-2026-23092
CVE-2026-23092 relates to a Linux kernel fix in iio: dac: ad3552r-hs, in ad3552r_hs_write_data_source, where out-of-bounds writes could occur. The issue stemmed from using the write-return count as the index for null termination instead of the actual number of bytes copied by simple_write_to_buffer(). If count e...
CVE-2026-23092 iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source
In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source. When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ExploitAtlas A full-stack Rust application for CVE intelligen...
ROS-20260129-73-0051
A vulnerability in the Request Handling component of Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the lack of validation of the data or message source. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions...
CVE-2026-24836
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-28 00:52:20+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdh2nj27qg2m |
| 2026-01-28 01:41:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdh5fn33kj2c... |
Important: grafana-pcp security update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...
GHSA-J49H-6577-5XWQ gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values
Unbounded TLV length in ReadFile can cause Denial of Service Summary A Denial of Service vulnerability was identified in ReadFile where unbounded TLV length values could lead to excessive CPU and memory usage when processing data from a malicious or non-compliant NFC source. This issue has been...
CVE-2025-69559
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-26 16:58:49+00:00 | seen | https://gist.github.com/lih28984-commits/cd3a275dfd9c92a79b6a4a0e8801f4fa... |
CVE-2025-58090
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-20 16:30:40+00:00 | seen | https://infosec.place/objects/86c1cfe3-6826-4fb9-8bab-2163ea39c0ed... |
CVE-2025-14798
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-20 06:38:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mctkap453m2i... |
CVE-2025-29847
CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...
CVE-2025-68924
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...
CVE-2025-68924
CVE-2025-68924 affects UmbracoForms up to version 8.13.16. An authenticated attacker can specify a malicious WSDL URL as a Webservice data source, enabling remote code execution via dynamic SOAP client generation. The root cause is untrusted WSDL processing in the Webservice data source. Impact i...
PT-2026-3273
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...