Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass
Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...
EUVD-2026-39776
When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...
WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by William Matos in WordPress Plugin Majestic Support (versions <= 1.1.7)...
WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Kirki (versions <= 6.0.11)...
CVE-2026-53275
A flaw was found in the Linux kernel's IPv6 multicast (mcast) component. When processing Multicast Listener Discovery (MLD) queries, a pointer to the multicast group address is not correctly reloaded after certain packet manipulations. This can lead to a use-after-free vulnerability, potentially...
CVE-2026-12755
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as an NTLMv2...
EUVD-2026-39386
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as an NTLMv2...
CVE-2026-12755
CVE-2026-12755 affects Devolutions Server 2026.2.4.0–2026.2.7.0. It is caused by improper input validation in the PAM AD discovery endpoints. An authenticated user with the UserGroupsView permission can coerce server-side authentication to an attacker-controlled host, exposing PAM provider creden...
EUVD-2026-39226
In the Linux kernel, the following vulnerability has been resolved: "ipv6: mcast: Fix use-after-free when processing MLD queries". When processing an MLD query, a pointer to the multicast group address is retrieved when initially parsing the packet. This pointer is later dereferenced without being...
CVE-2026-53275
In the Linux kernel, the following vulnerability has been resolved: "ipv6: mcast: Fix use-after-free when processing MLD queries". When processing an MLD query, a pointer to the multicast group address is retrieved when initially parsing the packet. This pointer is later dereferenced without being...
Apache ActiveMQ - Remote Code Execution
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
CVE-2026-12094
creationtimestamp | type | source
---|---|---
2026-06-24 20:16:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mp2q7ulukj2g...
Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
A Subscription Management tool for finding and reporting Red Hat product usage. Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...
WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by hivesec in WordPress Plugin Quick Interest Slider (versions <= 3.1.6)...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: node-feature-discovery-fips, k8s-device-plugin-fips, nvidia-container-toolkit, sriov-network-device-plugin-fips, buildah-fips, k8s-device-plugin, cadvisor-fips, gpu-operator-fips, nvidia-container-toolkit-fips, podman-fips, prometheus-podman-exporter, rancher,...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: node-feature-discovery-fips, k8s-device-plugin-fips, nvidia-container-toolkit, sriov-network-device-plugin-fips, buildah-fips, k8s-device-plugin, cadvisor-fips, gpu-operator-fips, nvidia-container-toolkit-fips, podman-fips, prometheus-podman-exporter, rancher,...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: cadvisor, rancher, rancher-agent, sriov-network-device-plugin, k8s-device-plugin, node-feature-discovery, nvidia-container-toolkit...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: cadvisor, rancher, rancher-agent, sriov-network-device-plugin, k8s-device-plugin, node-feature-discovery, nvidia-container-toolkit...
WordPress MotorDesk plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin MotorDesk (versions <= 1.1.2)...