Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...

Amazon Linux 2023 : nvidia-libXNVCtrl, nvidia-libXNVCtrl-devel, nvidia-settings (ALAS2023NVIDIA-2026-286)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-286 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2023 : nvidia-open (ALAS2023NVIDIA-2026-284)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-284 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2023 : nvidia-fabric-manager-devel, nvidia-fabricmanager (ALAS2023NVIDIA-2026-289)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-289 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

📄 ProjeQtor 12.4.3 SQL Injection

This Python script automates exploitation of an SQL injection vulnerability in a ProjeQtor login interface. Version 12.4.3 is affected. ================================================================================================================================== | Title : ProjeQtor 12.4.3...

Guidance for Veeam Data Cloud Customers in Middle East Regions

Summary Veeam is monitoring risks that may affect cloud infrastructure in the Middle East regions, including the UAE, Qatar, and Israel. Customers using Veeam Data Cloud services in these regions should review their data resilience requirements and consider whether additional geographic separatio...

llm-endpoint-vulnerability-poc

LLM Endpoint Vulnerability PoC A proof-of-concept for exposin...

MAL-2026-5292 Malicious code in bittensor-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16180f1609731d35398f11dbfcb328826d2e39a7acf42fc256b563512645e6e5 Package advertises itself as a Bittensor subnet burn-rate monitor but bundles a live TELEGRAMBOTTOKEN and TELEGRAMCHATID in...

Malicious code in clip-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ee6244e4630a085f305c933f50283a232dda9e0d8e0ba3bab2bb880e53a736d The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...

MAL-2026-5293 Malicious code in clip-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ee6244e4630a085f305c933f50283a232dda9e0d8e0ba3bab2bb880e53a736d The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...

CVE-2026-8901

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

CVE-2026-8839

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

CVE-2026-8502

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

tarfile.data_filter path traversal bypass allows writing outside the extraction directory

...

CVE-2026-11265

An insufficient data validation flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500262869...

CVE-2026-11219

An insufficient data validation flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=480074849...

CVE-2026-11161

An insufficient data validation flaw was found in the DataTransfer component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501920294...

CVE-2026-11134

An insufficient data validation flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501640084...

SUSE CVE-2026-10944

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...