6106 matches found

RedHat Linux
added 2026/01/28 12:42 a.m. | views: 1

kernel: mac80211: fix potential double free on mesh join

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join. While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fixed a memory leak on mesh leave / teardown it introduced a potential memory corruption caused by a doub...

CVSS 7.8 | AI score 6.7 | EPSS 0.00227
Exploits: 0 | References: 5

Drupal
added 2026/01/28 12:00 a.m. | views: 12

Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

This module enables you to turn a Drupal install into the Central Authentication System (CAS). It makes your database the primary location for other systems to use for authentication in an SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...

CVSS 4.2 | AI score 5.6 | EPSS 0.00152
Exploits: 0 | References: 1

RedHat Linux
added 2026/01/27 6:07 p.m. | views: 4

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge() function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements() function, causi...

CVSS 8.2 | AI score 6 | EPSS 0.00428
Exploits: 1 | References: 5

Cvelist
added 2026/01/27 12:40 a.m. | views: 28

CVE-2026-24490 MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The...

CVSS 8.1 | EPSS 0.0031
Exploits: 1 | References: 3

RedHat Linux
added 2026/01/26 1:00 p.m. | views: 0

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the array_merge() function when the total element count of packed arrays exceeds the 32-bit limit or the internal HT_MAX_SIZE due to an integer overflow in the precomputation of element counts using the zend_hash_num_elements() function, causi...

CVSS 8.2 | AI score 6 | EPSS 0.00428
Exploits: 1 | References: 5

GithubExploit
added 2026/01/25 2:04 p.m. | views: 168

Exploit for CVE-2026-0920

CVE-2026-0920 Advanced Mass Exploiter Una...

CVSS 9.8 | AI score 5.6 | EPSS 0.01078
Exploits: 4

RedhatCVE
added 2026/01/24 3:17 p.m. | views: 3

CVE-2026-24556

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementCamp: from n/a through <= 2.3.2...

CVSS 5.3 | AI score 5.4 | EPSS 0.00214
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/23 9:15 p.m. | views: 3

CVE-2025-31413

Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery. This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13...

CVSS 4.3 | AI score 5.4 | EPSS 0.00133
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/23 9:15 p.m. | views: 4

CVE-2026-24386

Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4...

CVSS 4.3 | AI score 5.1 | EPSS 0.00202
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/23 2:28 p.m. | views: 1

CVE-2026-24556

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementCamp: from n/a through <= 2.3.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 2

OSV
added 2026/01/23 10:36 a.m. | views: 3

CLSA-2026-1769164564 php: Fix of CVE-2025-14178

CVE-2025-14178: fix heap buffer overflow in array_merge() by preventing integer overflow in precomputation of element counts...

CVSS 8.2 | AI score 6 | EPSS 0.00428
Exploits: 1 | References: 1

CVE
added 2026/01/23 3:29 a.m. | views: 26

CVE-2026-0776

CVE-2026-0776 concerns the Discord Client and its discord_rpc module, where an uncontrolled search path element allows a local attacker to escalate privileges. The flaw occurs when the client loads a file from an unsecured location, enabling the attacker to run code with the privileges of the ta...

CVSS 7.3 | AI score 6.2 | EPSS 0.0036
Exploits: 1 | References: 1

EUVD
added 2026/01/23 12:00 a.m. | views: 4

EUVD-2025-206330

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

AI score 5.5 | EPSS 0.00195
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/23 12:00 a.m. | views: 6

PT-2026-4534

Name of the Vulnerable Software and Affected Versions: Sourcecodester Domain Availability Checker version 1.0. Description: A DOM-based Cross-Site Scripting (XSS) issue exists in the DomainCheckerApp class within the domain/script.js file. The application does not properly handle user-supplied data in...

AI score 5.3 | EPSS 0.00195
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/23 12:00 a.m. | views: 1

CVE-2025-70458

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

CVSS 5.4 | AI score 5.9 | EPSS 0.00195
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/23 12:00 a.m. | views: 2

PT-2026-4398

Name of the Vulnerable Software and Affected Versions: ElementCamp versions prior to 2.3.3. Description: An authorization issue exists in ElementCamp that allows exploitation of incorrectly configured access control security levels. Recommendations: Update ElementCamp to a version later than 2.3.2...

AI score 5.2 | EPSS 0.00214
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/23 12:00 a.m. | views: 2

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004864)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004864 advisory. In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register(). After commit 1fa5ae857bb1 driver core:...

CVSS 5.5 | AI score 7 | EPSS 0.0016
Exploits: 0 | References: 4

CVE
added 2026/01/23 12:00 a.m. | views: 11

CVE-2025-70458

CVE-2025-70458 affects Sourcecodester Domain Availability Checker v1.0. The DOM-based XSS exists in DomainCheckerApp (domain/script.js) where createResultElement uses unsafe innerHTML to render domain search results, enabling injection. CVSS 3.1 base score 5.4 (MEDIUM). Remediation: update to a f...

CVSS 5.4 | AI score 5.5 | EPSS 0.00195
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/01/22 5:16 p.m. | views: 2

CVE-2026-24386

Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4...

CVSS 4.3 | EPSS 0.00202
Exploits: 0 | References: 1

NVD
added 2026/01/22 5:15 p.m. | views: 1

CVE-2025-31413

Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery. This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13...

CVSS 4.3 | EPSS 0.00133
Exploits: 0 | References: 1