CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when...

EUVD-2026-32775

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when...

CVE-2026-25546

Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...

Command Injection

Overview godot-mcp is a MCP server for interfacing with Godot game engine. Provides tools for launching the editor, running projects, and capturing debug output. Affected versions of this package are vulnerable to Command Injection via the executeOperation function when user-controlled input is...

PT-2026-6322

Name of the Vulnerable Software and Affected Versions Godot MCP versions prior to 0.1.1 Description Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. A command injection issue in godot-mcp allows remote code execution. The executeOperation function passe...

Lack of receive() inside MoneyMarketHook contract when interacting with WNATIVE.

Lines of code Vulnerability details Impact MoneyMarketHook is expected to work with the native balance when interacting with WNATIVE, especially when params.returnNative is set to true during the execute operation. However, due to the lack of a receive function inside the contract, MoneyMarketHoo...

CVE-2022-39070

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation...

The lazy update of _currentProxies results in non-owners being able to execute functions that require owner privileges

Lines of code Vulnerability details Impact In the MIMOProxyRegistry contract, the getCurrentProxy function returns the address of the mimoProxy contract corresponding to the owner's address in currentProxies. function getCurrentProxyaddress owner external view override returns IMIMOProxy proxy...

CVE-2019-7174

CVE-2019-7174 pertains to Roxy Fileman 1.4.5, where attackers can trigger the server to perform file-management operations via renamefile.php, createdir.php, fileslist.php, and movefile.php. The affected component is the Fileman web interface; the description notes these endpoints can be executed...