3022 matches found
CVE-2026-3170
CVE-2026-3170 affects SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0; vulnerability located in an unknown function of /patient-search.php. Manipulation of First Name/Last Name can trigger cross-site scripting, with remote attack capability and a public exploit refe...
PT-2026-21886
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross-site scripting. The attack can be executed...
CVE-2026-27467 BigBlueButton: Audio from participants to the server initially unmuted
BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...
CVE-2026-27506
SVXportal before or equal to version 2.5 contains a stored XSS in the profile update flow (user_settings.php -> admin/update_user.php). Authenticated users can inject HTML/JavaScript into profile fields (Firstname, lastname, email, image_url) that are rendered unencoded in the admin interface (a...
Advanced BLE Scanner with RPA / IRK Tracking
A Bluetooth Low Energy (BLE) scanner for Flipper Zero that supports Resolvable Private Address (RPA) resolution. It discovers nearby BLE devices, tracks each device by MAC address, logs signal strength (RSSI) history, device name, first/last seen timestamps, and packet count. The scanner features a...
ROS-20260220-73-0011
A vulnerability in the hdr_first_de function of the ntfs3 component of the Linux kernel is a null pointer dereference. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
GHSA-RQ6G-PX6M-C248 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
Summary: When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...
PT-2026-20370
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: OpenClaw is a personal AI assistant that utilizes discovery beacons (Bonjour/mDNS and DNS-SD) which include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. These TXT...
USN-8046-1: FRR vulnerabilities
It was discovered that FRR incorrectly handled certain malformed OSPF and update packets. A remote attacker could possibly use these issues to cause FRR to crash, resulting in a denial of service...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...
PortSwigger Web Security: HTML Injection in DAST Trial Request Form Confirmation Email – PortSwigger
A vulnerability was discovered in the DAST trial request form on the website, where user input in the "First Name" field was not properly sanitized before being included in confirmation emails. This allowed the injection of arbitrary HTML content, which would be rendered in the recipient's email...
CVE-2025-13681
The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied first_file parameter in the zip function. This makes it possible for authenticated attackers, with...
CVE-2025-13681 BFG Tools – Extension Zipper <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter
The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied first_file parameter in the zip function. This makes it possible for authenticated attackers, with...
CVE-2025-13681
CVE-2025-13681 affects the WordPress plugin BFG Tools – Extension Zipper (versions
WordPress plugin BFG Tools – Extension Zipper Path Traversal Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress BFG Tools - Extension Zipper plugin <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter vulnerability
WordPress BFG Tools - Extension Zipper plugin <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin BFG Tools – Extension Zipper versions <= 1.0.7...
The Agile FedRAMP Playbook, Part 1: Why Risk is Your Best Starting Point
Compliance shouldn't mean a standstill for innovation. The first of our four-part series explores how Wiz quickly reached FedRAMP High through a "risk-first" philosophy. In parts 2-4 we’ll explore how Wiz helps with FedRAMP requirements through proactive, preventative, and reactive risk managemen...
[SECURITY] Fedora 43 Update: rust-pleaser-0.5.6-6.fc43
Please, a polite regex-first sudo alternative...