CVE-2026-9619

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

EUVD-2026-38666

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-9619

CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...

GeoServer OGC Filter - SQL Injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

phpVMS < 7.0.6 - Legacy Importer Authorization Bypass

phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality, exploit requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...

XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: buildah-fips, prometheus-podman-exporter, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, podman-fips, node-feature-discovery, sriov-network-device-plugin-fips, k8s-device-plugin, node-feature-discovery-fips...

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: buildah-fips, prometheus-podman-exporter, nvidia-container-toolkit, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, podman-fips, node-feature-discovery, sriov-network-device-plugin-fips, k8s-device-plugin, node-feature-discovery-fips...

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: sriov-network-device-plugin, k8s-device-plugin, nvidia-container-toolkit, rancher-agent, node-feature-discovery...

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: sriov-network-device-plugin, k8s-device-plugin, nvidia-container-toolkit, rancher-agent, node-feature-discovery...

CVE-2026-48939 Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

CVE-2026-48939 Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

CVE-2026-48787

CVE-2026-48787 affects gin-vue-admin (AI-assisted basic development platform) in version 2.9.1. An authenticated attacker with access to the code-generation feature and MCP management interface can inject attacker-controlled Go source code via POST /autoCode/addFunc, then trigger a rebuild of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rtc: pl031: Fixed the issue of null pointer dereferencing in RTC features. When there is no interrupt line, the RTC alarm feature is disabled. The clearing of the alarm feature bit was performed before allocating the ldata-rtc...

Astra Linux – Vulnerability in Intel Microcode

Improper input validation in the XmlCli feature for UEFI firmware on some Intel processors may allow a privileged user to potentially enable privilege escalation through local access...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fpga: Prevent integer overflow in dflfeatureioctlsetirq The multiplication hdr.count sizeofs32 can cause integer overflow on 32-bit systems, leading to memory corruption. Use arraysize to fix this issue...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed an assertion issue when building the free space tree. When building the free space tree with the block group tree feature enabled, an assertion failure may occur like this: BTRFS info device loop0 state M: rebuilding...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4prepareInlinedata When running the following code on an ext4 filesystem with the inlinedata feature enabled, the following bug will occur. fd = open"file1", ORDWR | OCREAT | OTRUNC, 0666;...