3808 matches found
CVE-2026-15286 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...
PYSEC-2026-941 `CHECK` fail via inputs in `SdcaOptimizer`
Impact Inputs densefeatures or examplestatedata not of rank 2 will trigger a CHECK fail in SdcaOptimizer. python import tensorflow as tf tf.rawops.SdcaOptimizer sparseexampleindices=4 tf.random.uniform5,5,5,3, dtype=tf.dtypes.int64, maxval=100, sparsefeatureindices=4 tf.random.uniform5,5,5,3,...
PYSEC-2026-1038 TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6`
Impact If QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for minfeatures or maxfeatures, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf outtype = tf.quint8 features = tf.constant28, shape=4,2, dtype=tf.quint8 minfeatures...
CVE-2026-7185
CVE-2026-7185 concerns TAO 2.0 suite web features for file management/upload that suffer a validation vulnerability allowing an attacker with access to the feature to attempt to access file system resources outside the intended scope. Affected: TAO 2.0 web components handling file operations. Roo...
CVE-2026-7185 Unauthorized access to files in T-Systems products
A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...
EUVD-2026-41874
A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...
[SECURITY] Fedora 44 Update: openvpn-2.7.5-1.fc44
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
CVE-2026-57737
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.21 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.21...
PT-2026-54834
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The application is susceptible to user enumeration via authentication-related features. During password reset and username reminder operations, the system provides different responses depending on whether the...
PT-2026-54866
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper input validation in the Fleet policy management functionality allows an authenticated user to submit specially crafted input. This can lead to a denial of service, rendering the Fleet...
[SECURITY] Fedora 43 Update: lighttpd-1.4.84-1.fc43
lighttpd pronounced /lighty/ is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set FastCGI, CGI, Auth,...
MAL-2026-6531 Malicious code in @appupdate/cdn-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...
Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)
Summary There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Following IBM Engineering...
org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled
When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...
UBUNTU-CVE-2026-53142
In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...
CVE-2026-53142 drm/xe/display: fix oops in suspend/shutdown without display
In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...
CVE-2026-53142 drm/xe/display: fix oops in suspend/shutdown without display
In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...
PT-2026-52238
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the xe driver during suspend or shutdown when no display is present. The driver uses the xe-info.probe display variable to track display hardware...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: BPF: Do not allow BPF test infra to emit invalid GSO types to the stack. Yinhao et al. reported that their fuzzer tool was able to trigger the skbwarnbadoffload function from netifskbfeatures - gsofeaturescheck. When a BPF progra...