28 matches found
CVE-2026-8477
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...
CVE-2026-9251
The CVE-2026-9251 issue affects Devolutions Server versions 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier. The vulnerability arises from missing authorization in the entry status management feature, allowing a non-administrator authenticated user to bypass the administrator-enforced Pending ...
CVE-2026-9251
Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects: Devolutions Serv...
Devolutions Server security vulnerability
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...
Astra Linux - vulnerability in libmaxminddb
In libmaxminddb before version 1.4.3, there is a heap-based buffer over-read issue in dump_entry_data_list in maxminddb.c...
CVE-2026-5109
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...
WordPress plugin Gravity Forms cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-0633
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without...
PT-2026-4593
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without...
MiracleLinux 8 : libmaxminddb-1.2.0-10.el8_9.1 (AXSA:2024-7509:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7509:01 advisory. libmaxminddb: improper initialization in dump_entry_data_list in maxminddb.c (CVE-2020-28241). Tenable has extracted the preceding description block directly from...
EUVD-2025-7170
Malicious code in bioql PyPI...
GHSA-FVP7-JJ9M-3QPF Liferay Portal's Incorrect Authorization vulnerability can lead to guest users obtaining sensitive data
An Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entry information via the API Builder...
Liferay Portal and Liferay DXP security vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads. Fix niu_try_msix to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or...
SUSE CVE-2025-37833
In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads. Fix niu_try_msix to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or...
DEBIAN-CVE-2025-37833
In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads. Fix niu_try_msix to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or...
UBUNTU-CVE-2025-37833
In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads. Fix niu_try_msix to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or...
PT-2025-20362
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.5. Description: A vulnerability in the Linux kernel has been resolved, specifically in the net/niu component. The issue arises when the MSIX ENTRY DATA fields are not touched before entry reads, causing a fata...
CVE-2025-2565
The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data...