35351 matches found

RedhatCVE
added 5 hours ago, 2 views

CVE-2026-53291

A flaw was found in the Advanced Linux Sound Architecture (ALSA) hda/conexant driver within the Linux kernel. A missing error check for the snd_hda_jack_detect_enable_callback function's return value in cx_probe can lead to a kernel crash. If the registration of the jack detection callback fails, the...

CVSS 5.5 | AI score 5.7 | EPSS 0.00172
Exploits: 0 | References: 4

Nuclei
added 9 hours ago, 12 views

ChangeDetection.io <= v0.50.33 - Stored XSS via Watch API

changedetection.io = 0.50.34 contains a stored cross site scripting caused by insufficient security checks in the Watch update API, letting attackers execute arbitrary JavaScript when users preview malicious links, exploit requires user interaction id: CVE-2025-62780 info: name: ChangeDetection.i...

CVSS 5.4 | AI score 5.8 | EPSS 0.00394
Exploits: 1 | References: 2

Nuclei
added yesterday, 9 views

IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection

IBM Planning Analytics versions 2.0.0 through 2.0.8 are vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. id: CVE-2019-4716 info: name: IBM Planning Analytics - Authentication Bypass & Remote...

CVSS 10 | AI score 7.4 | EPSS 0.86441
Exploits: 6 | References: 3

Nuclei
added yesterday, 149 views

User Profile Builder < 3.11.8 - File Upload

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP. id: CVE-2024-6366 info: name: User Profile Builder 3.11.8 - File Upload author: s4e-io severity: high...

CVSS 9.1 | AI score 5.8 | EPSS 0.28993
Exploits: 2 | References: 3

Circl
added yesterday, 8 views

CVE-2026-58049

creation_timestamp | type | source
---|---|---
2026-06-28 02:49:30+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mpcxm2ljnz2i
2026-06-28 05:30:29+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpdalwcm4y2z
2026-06-28 06:00:59+00:00 | seen | ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 5

EUVD
added 3 days ago, 4 views

EUVD-2026-39855

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty. nilfs_ioctl_mark_blocks_dirty uses bd_oblocknr to detect dead blocks by comparing it with the current block number bd_blocknr. If they differ, the block is considered dead and...

AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 8

CVE
added 3 days ago, 7 views

CVE-2026-53291

CVE-2026-53291 (Linux kernel: ALSA HDA/Conexant) is about a missing error check in cx_probe() for snd_hda_jack_detect_enable_callback(). The function can return an error pointer on failure (e.g., memory allocation), and the code was ignoring this return value. If registration fails, jack-detectio...

AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 7

EUVD
added 3 days ago, 4 views

EUVD-2026-39896

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection. In cx_probe, the return value of snd_hda_jack_detect_enable_callback is ignored. This function returns a pointer, and if it fails (e.g., due to memory allocation failure), it...

AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 7

Circl
added 3 days ago, 7 views

CVE-2025-32394

creation_timestamp | type | source
---|---|---
2026-06-26 18:22:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kta7ha52p...

CVSS 5.3 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 1

NVD
added 3 days ago, 6 views

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

CVSS 7.1 | EPSS 0.00113
Exploits: 0 | References: 2

ATTACKERKB
added 3 days ago, 4 views

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

CVSS 5.5 | AI score 5.8 | EPSS 0.00113
Exploits: 0 | References: 3 | Affected Software: 1

Circl
added 3 days ago, 5 views

CVE-2026-9219

creation_timestamp | type | source
---|---|---
2026-06-26 02:02:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp5tzhozlw27...

CVSS 8.3 | AI score 5.8 | EPSS 0.00203
Exploits: 0 | References: 1

Positive Technologies
added 3 days ago, 8 views

PT-2026-52930

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ALSA hda/conexant component where the cx_probe function fails to verify the return value of snd_hda_jack_detect_enable_callback. This function returns a pointer th...

AI score 5.7 | EPSS 0.00172
Exploits: 0 | References: 10

CVE
added 4 days ago, 12 views

CVE-2025-71340

CVE-2025-71340 affects the picklescan tool up to version 0.0.26, where malicious pickle files can invoke idlelib.pyshell.ModifiedInterpreter.runcode via __reduce__, allowing code execution when loaded with pickle.load(). This enables supply-chain attacks on PyTorch models and saved Python objects. T...

CVSS 8.1 | AI score 6.1 | EPSS 0.003
Exploits: 0 | References: 2

CVE
added 4 days ago, 13 views

CVE-2026-12975

CVE-2026-12975 affects Apicurio Registry. The flaw is in ContentTypeUtil.isParsableXml(), which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs wit...

CVSS 8.5 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 2

Metasploit
added 5 days ago, 68 views

Next.js Middleware Authorization Bypass Scanner

This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest header and skips middleware when it sees it. The header is trusted without verifying it...

CVSS 9.1 | AI score 6.9 | EPSS 0.99621
Exploits: 58

EUVD
added 5 days ago, 3 views

EUVD-2026-38896

In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference. The variable tps->partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps->partner ...

AI score 5.7 | EPSS 0.00166
Exploits: 0 | References: 4

CVE
added 5 days ago, 6 views

CVE-2026-53066

In the Linux kernel, the drm/sun4i backend fixed an error pointer dereference: drm_atomic_get_plane_state() could return an error pointer and was not checked in sun4i_backend_atomic_check(), risking a dereference of plane_state. The issue is resolved by adding an error pointer check. Connected re...

AI score 5.7 | EPSS 0.00161
Exploits: 0 | References: 6

EUVD
added 5 days ago, 2 views

EUVD-2026-38934

In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: backend: fix error pointer dereference. The function drm_atomic_get_plane_state can return an error pointer and is not checked for it. Add error pointer check. Detected by Smatch: drivers/gpu/drm/sun4i/sun4i_backend.c:496...

AI score 5.7 | EPSS 0.00161
Exploits: 0 | References: 6

Circl
added 5 days ago, 6 views

CVE-2026-9616

creation_timestamp | type | source
---|---|---
2026-06-24 14:16:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mp24455p5l2g...

CVSS 4.3 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 1