Improper Isolation or Compartmentalization

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the NodeVM constructor in lib/nodevm.js. An attacker can run host commands when th...

Linux Distros Unpatched Vulnerability : CVE-2026-43188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: do not propagate page array emplacement errors as batch errors When fscrypt is enabled, movedirtyfolioinpagearray may fail because it needs to allocate...

misp-modules website - Missing CSRF protection in the website home blueprint

A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...

Directory Traversal

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Directory Traversal in the deleteClientFolder process. An attacker can delete arbitrary directories on the server by submitting a crafted URL containing...

CVE-2026-43188

In the Linux kernel, the following vulnerability has been resolved: ceph: do not propagate page array emplacement errors as batch errors When fscrypt is enabled, movedirtyfolioinpagearray may fail because it needs to allocate bounce buffers to store the encrypted versions of each folio. Each foli...

CVE-2026-23928

A flaw was found in Zabbix. The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This Cross-Site Scripting XSS vulnerability allows an attacker, who controls a monitored host, to inject malicious JavaScript. Wh...

CVE-2026-43188 ceph: do not propagate page array emplacement errors as batch errors

In the Linux kernel, the following vulnerability has been resolved: ceph: do not propagate page array emplacement errors as batch errors When fscrypt is enabled, movedirtyfolioinpagearray may fail because it needs to allocate bounce buffers to store the encrypted versions of each folio. Each foli...

CVE-2026-43179

In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits for invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system...

CVE-2026-23928

CVE-2026-23928 describes a stored XSS in Zabbix widgets: the Item history widget (7.0+) or the Plain text widget (6.0) can execute injected JavaScript when HTML display is enabled. The attacker must supply the malicious script from a monitored host, and the impact varies by user viewing a dashboa...

PT-2026-37519

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, which leads to folio reference leaks. Folio reference leaks occur when the system fails to...

CVE-2026-39849

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the dns.interface configuration field in Pi-hole FTL accepted newline characters without validation, allowing an attacker to inject arbitrary directives into the generated...

Hysteria: A specially constructed quic package can crash the server OOM when the sniff is enabled

Summary A specially constructed quic package can crash the server OOM when the sniff is enabled. Details When the server has sniff enabled, a valid connection can request the server to forward UDP traffic and construct a huge crypto length. The server will allocate memory according to this length...

Improper Enforcement of Behavioral Workflow

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow in the privacy request approval process when both subjectidentityverificationrequired and...

wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured

Description Impact wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox alloweddirs is None by default and only activates when the...

CVE-2026-43569

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically...

PT-2026-37337

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.1 Description When a NodeVM is created with the nesting variable set to true, sandbox code can unconditionally use require'vm2' regardless of the outer VM's require configuration, including when require is set to...

Distribution's tag deletion bypasses `storage.delete.enabled` configuration

Summary Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details When storage.delete.enabled is configured to false,...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...

GHSA-6PJF-3R9X-M592 Distribution's tag deletion bypasses `storage.delete.enabled` configuration

Summary Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details When storage.delete.enabled is configured to false,...

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...