Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001377)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001377 advisory. In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with...

CVE-2025-14720

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

CVE-2026-0853

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...

Description of the security update for SharePoint Server Subscription Edition: January 13, 2026 (KB5002822)

Description of the security update for SharePoint Server Subscription Edition: January 13, 2026 KB5002822 Summary Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If...

CVE-2025-68815 net/sched: ets: Remove drr class from the active list if it changes to strict

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr class from the active list if it changes to strict Whenever a user issues an ets qdisc change command, transforming a drr class into a strict one, the ets code isn't checking whether that class was in t...

CasaOS <= 0.4.15 Information Disclosure Vulnerability - Version Check

CasaOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:icewhale:casaos"; if...

kernel: mm: slub: avoid wake up kswapd in set_track_prepare

A deadlock lock recursion vulnerability exists in the linux kernel such that when CONFIGDEBUGOBJECTSTIMERS is set, may wake up kswapd in settrackprepare, and try to hold the percpuhrtimerbases lock...

CVE-2026-0853

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVE-2026-0853 A-Plus Video Technologies｜NVR - Sensitive Data Exposure

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVE-2026-0853 A-Plus Video Technologies｜NVR - Sensitive Data Exposure

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

EUVD-2026-1953

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVE-2026-0853

CVE-2026-0853 affects certain NVR models from A-Plus Video Technologies. The underlying issue is a Sensitive Data Exposure that can be exploited by unauthenticated remote attackers to access the device’s debug page and retrieve device status information. Impact is described as exposure of status ...

A-Plus Video多款产品 安全漏洞

The A-Plus Video AP-RM864P, among others, is a network video recorder from A-Plus Video of Taiwan, China. A security vulnerability exists in a number of A-Plus Video products. The vulnerability stems from sensitive data leakage and could allow an unauthenticated, remote attacker to access debug...

PT-2026-2043

Name of the Vulnerable Software and Affected Versions A-Plus Video Technologies NVR models affected versions not specified Description A security issue exists in certain NVR models developed by A-Plus Video Technologies that allows unauthenticated remote attackers to access the debug page...

CVE-2023-50124

Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner...

CVE-2023-31305

Generation of weak and predictable Initialization Vector IV in PMFW Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...

CVE-2023-40600

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

CVE-2021-27789

The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive...