CVE-2019-25354 iSmartViewPro 1.3.34 - Denial of Service

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices...

CVE-2026-23230

In the Linux kernel, the following vulnerability has been resolved: smb: client: split cachedfid bitfields to avoid shared-byte RMW races isopen, haslease and onlist are stored in the same bitfield byte in struct cachedfid but are updated in different code paths that may run concurrently. Bitfiel...

CVE-2026-23230 smb: client: split cached_fid bitfields to avoid shared-byte RMW races

In the Linux kernel, the following vulnerability has been resolved: smb: client: split cachedfid bitfields to avoid shared-byte RMW races isopen, haslease and onlist are stored in the same bitfield byte in struct cachedfid but are updated in different code paths that may run concurrently. Bitfiel...

CVE-2026-23230

In the Linux kernel, the following vulnerability has been resolved: smb: client: split cachedfid bitfields to avoid shared-byte RMW races isopen, haslease and onlist are stored in the same bitfield byte in struct cachedfid but are updated in different code paths that may run concurrently. Bitfiel...

WordPress FluentForm plugin <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Welcome Screen Fields vulnerability discovered by zer0gh0st in WordPress Plugin FluentForm versions = 5.1.19...

CVE-2026-1860

The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the getitemspermissionscheck permission callback on the /kaliforms/v1/forms/id REST API endpoint only checking for the editposts capability without...

PT-2026-20537

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

Alloksoft WMV to AVI MPEG DVD WMV Converter 缓冲区错误漏洞

Alloksoft WMV to AVI MPEG DVD WMV Converter is a video format conversion tool developed by Alloksoft Corporation. The version 4.6.1217 of Alloksoft WMV to AVI MPEG DVD WMV Converter has a buffer error vulnerability. This vulnerability stems from a buffer overflow in the fields for overwriting the...

CVE-2025-70152

The CVE affects code-projects Community Project Scholars Tracking System 1.0. The vulnerable components are the admin/user management endpoints /admin/save_user.php and /admin/update_user.php, where user-supplied POST fields (firstname, lastname, username, password, user_id) are concatenated into...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the sharing of bit fields with bytes, potentially leading to read-modify-write competition...

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin Calculated Fields Form versions = 5.4.4.1...

Linux Distros Unpatched Vulnerability : CVE-2026-23135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath12k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused...

CVE-2019-25370 OPNsense 19.1 Reflected XSS via interfaces_vlan_edit.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

CVE-2026-1750

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'savecustomuserprofilefields' function. This makes it possible for authenticated attackers, with...

CVE-2026-23133

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...

UBUNTU-CVE-2026-23133

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...

CVE-2026-23135 wifi: ath12k: fix dma_free_coherent() pointer

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...

CVE-2026-23133

Technical details for CVE-2026-23133 are not publicly provided in the connected documents; the Ubuntu advisories reference it among others but do not expose affected product, impact, or patch specifics. Monitor for updates.

CVE-2019-25327

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...