CVE-2026-2502

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without outp...

CVE-2026-2502

CVE-2026-2502 concerns the WordPress plugin xmlrpc-attacks-blocker (versions up to and including 1.0). The vulnerability is a Stored XSS via the X-Forwarded-For header, caused by trusting attacker-controlled header data and rendering unescaped entries in the debug log. This allows unauthenticated...

CVE-2025-13113

CVE-2025-13113 concerns the WordPress plugin “Web Accessibility by accessiBe.” The issue is an unauthenticated sensitive information exposure caused by the function accessibe_render_js_in_footer() logging the full plugin options array to the browser console on public pages. This output is not res...

CVE-2025-11725

The CVE-2025-11725 entry concerns the Aruba HiSpeed Cache WordPress plugin, affected up to version 3.0.2. The vulnerability arises from missing capability checks in multiple functions, allowing unauthenticated attackers to modify the plugin’s configuration settings and enable/disable features. Im...

SUSE CVE-2026-23219

In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloctag was not clear...

PT-2026-20574

Name of the Vulnerable Software and Affected Versions Aruba HiSpeed Cache versions up to and including 3.0.2 Description The Aruba HiSpeed Cache plugin for WordPress is susceptible to unauthorized data modification because of absent capability checks in several functions. This allows...

PT-2026-20641

Name of the Vulnerable Software and Affected Versions xmlrpc attacks blocker plugin for WordPress versions prior to 1.1 Description The xmlrpc attacks blocker plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to the plugin trusting and logging attacker-controlled...

UBUNTU-CVE-2026-23219

In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloctag was not clear...

CVE-2026-23219

CVE-2026-23219 concerns the Linux kernel (mm/slab) where alloc_tagging_slab_free_hook was not invoked in memcg_alloc_abort_single, causing a spurious warning: “alloc_tag was not cleared …” when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled. The issue arises because the existing __memcg_slab_post_al...

CVE-2026-23219 mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single

In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloctag was not clear...

Linux Distros Unpatched Vulnerability : CVE-2026-23219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862...

PT-2026-20431

In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloc tagging slab free hook for memcg alloc abort single When CONFIG MEM ALLOC PROFILING DEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloc tag w...

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...

UBUNTU-CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

CVE-2026-23131

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerne...

CVE-2025-52533

Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity...

CVE-2026-26190

Milvus prior to versions 2.5.27 and 2.6.10 exposes TCP 9091 by default, enabling authentication bypasses. The /expr debug endpoint uses a weak default token (etcd.rootPath, default: by-dev) allowing arbitrary expression evaluation. The REST API (/api/v1/*) is registered on the metrics/management ...

CVE-2026-2250

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

CVE-2025-52533

Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity...

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware VCN FW could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system...