128 matches found
ROOT-OS-DEBIAN-11-CVE-2023-4813 CVE-2023-4813 in rootio-glibc - Patched by Root
Root has patched CVE-2023-4813 in the rootio-glibc package for Root:Debian:11. Multiple fixed versions available...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Rejected duplicate devices during updates. It is possible for a chain/flowtable update to include duplicate devices within the same batch. Unfortunately, the netdev event path only removes the first device...
KLA90832 SB vulnerability in Microsoft Browser
A security vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories: CVE-2026-0628. Exploitation: Public exploits exist for this vulnerability. Related products: Microsoft-Edge. CVE list: CVE-2026-0628 critical. KB li...
PT-2026-8122
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contained a flaw where duplicate registrations of pins were permitted. Specifically, the dpll_xa_ref_dpll_add and dpll_xa_ref_pin_add functions allowed multiple...
CVE-2025-62847 QTS, QuTS hero
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS...
SUSE CVE-2025-40160
In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs. Change find_virq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON from bind_virq_to_irq to propagate the error upwards. Some VIRQ...
EUVD-2025-124923
In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs. Change find_virq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON from bind_virq_to_irq to propagate the error upwards. Some VIRQ...
UBUNTU-CVE-2025-40160
In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs. Change find_virq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON from bind_virq_to_irq to propagate the error upwards. Some VIRQ...
UBUNTU-CVE-2025-40067
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist. Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already...
CVE-2025-40067
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist. Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already...
CVE-2025-11823
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text' parameter in the 'wishsuite_button' shortcode in all versions up to, and including, 3.2.4 due to insufficient...
CVE-2025-11823 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text' parameter in the 'wishsuite_button' shortcode in all versions up to, and including, 3.2.4 due to insufficient...
CVE-2025-11823
CVE-2025-11823 concerns ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules (WordPress). Wordfence and patch sources indicate a Stored Cross-Site Scripting vulnerability via the shortcodes parameter button_exist_text in wishsuite_button, exploitable on all versions up to and in...
CVE-2025-34255
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34255 D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-45994
An issue in Aranda PassRecovery v1.0 allows attackers to enumerate valid user accounts in Active Directory via sending a crafted POST request to /user/existdirectory/1...
CLSA-2025-1758135826 grafana: Fix of CVE-2022-39307
CVE-2022-39307: fix omit error from http response when user does not exist...
Malicious code in exist-buffalo-industrial (npm)
The package exist-buffalo-industrial was found to contain malicious code...
MAL-2025-44194 Malicious code in exist-buffalo-industrial (npm)
The package exist-buffalo-industrial was found to contain malicious code...
CVE-2025-8088 WinRAR Exploit: From Zero-Day to Zero-Risk with TruRisk™ Eliminate
The Risk Behind the WinRAR Vulnerability: A newly disclosed path traversal vulnerability, CVE-2025-8088, in WinRAR leaves millions of Windows systems exposed to attack. This flaw enables adversaries to craft malicious archives that bypass the user’s chosen extraction path, forcing files into...