13477 matches found
CVE-2026-9619
CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: buildah-fips, prometheus-podman-exporter, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, podman-fips, node-feature-discovery, sriov-network-device-plugin-fips, k8s-device-plugin, node-feature-discovery-fips...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: buildah-fips, prometheus-podman-exporter, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, podman-fips, node-feature-discovery, sriov-network-device-plugin-fips, k8s-device-plugin, node-feature-discovery-fips...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: sriov-network-device-plugin, k8s-device-plugin, nvidia-container-toolkit, rancher-agent, node-feature-discovery...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: sriov-network-device-plugin, k8s-device-plugin, nvidia-container-toolkit, rancher-agent, node-feature-discovery...
phpVMS < 7.0.6 - Legacy Importer Authorization Bypass
phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality. Exploitation requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...
CVE-2026-48939 Joomla Extension - icagenda.com - Remote Code Execution in iCagenda extension for Joomla < 4.0.8/3.9.15
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...
PT-2026-51172
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.10.2 through 0.12.x. Description: Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...
CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability
...
CVE-2026-48787
CVE-2026-48787 affects gin-vue-admin (AI-assisted basic development platform) in version 2.9.1. An authenticated attacker with access to the code-generation feature and MCP management interface can inject attacker-controlled Go source code via POST /autoCode/addFunc, then trigger a rebuild of the...
Astra Linux – Vulnerability in Intel Microcode
Improper input validation in the XmlCli feature for UEFI firmware on some Intel processors may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fpga: Prevent integer overflow in dfl_feature_ioctl_set_irq(). The multiplication hdr.count * sizeof(s32) can cause integer overflow on 32-bit systems, leading to memory corruption. Use array_size() to fix this issue...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed an assertion issue when building the free space tree. When building the free space tree with the block group tree feature enabled, an assertion failure may occur like this: BTRFS info device loop0 state M: rebuilding...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Networks: Fixed a stack overflow issue when LRO is disabled for virtual interfaces. When the features of a virtual interface are updated, the updated features are synchronized with its underlying interfaces. This synchronization...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data. When running the following code on an ext4 filesystem with the inline_data feature enabled, the following bug will occur. fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666);...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dccp: A memory leak has been fixed in dccp_feat_change_recv. If dccp_feat_push_confirm() fails after a new value for the SP feature is accepted without reconciliation (i.e., when entry == NULL), the memory allocated for that value never...
CVE-2026-10779
CVE-2026-10779 affects the WordPress Classified Listing plugin (versions
Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778)
Question: Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778). Business Unit: IBM Software w/o TPS (BU059); Product: IBM Aspera (SS8NDZ); Platform: Platform Independent (PF025); Version: All...
WordPress Classified Listing – AI-Powered Classified ads & Business Directory plugin <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Feature Modification vulnerability discovered by Ben Tamam in WordPress Plugin Classified Listing versions <= 5.4.2...