EUVD-2025-210054

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

Malicious Package

Overview @cloudplatform-single-spa/floating-ips is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

SUSE SLES15 Security Update : xen (SUSE-SU-2026:2102-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2102-1 advisory. This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053...

SUSE-SU-2026:2102-1 Security update for xen

This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558:...

SUSE-SU-2026:2066-1 Security update for xen

This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558:...

CVE-2026-4811

CVE-2026-4811 affects the WordPress plugin WPB Floating Menu & Categories (Sticky Floating Side Menu & Categories with Icons). All versions up to 1.0.8 are vulnerable to Stored Cross-Site Scripting via the Icon CSS Class category field due to insufficient input sanitization and output escaping. E...

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

PT-2026-42393

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

WordPress plugin wpb-floating-menu-or-categories 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons plugin <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by BaroHaf - fpt in WordPress Plugin WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons versions = 1.0.8...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several issues with the way the hyp code lazily saves the host’s FPSIMD/SVE state. These include: The host SVE state is unexpectedly discarded due to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The dcn301calculatewmanddlg function for the FPU is wrapped around. The logic for this function mirrors that of dcn30. This fix results in a lot of WARN messages and some kernel panics...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image file to have it processed by OpenEXR, resulting in a floating-point exception error. The greatest threat posed by this vulnerability is to system availabili...

Astra Linux - уязвимость в poppler, poppler-22

A floating-point exception in the PSStack::roll function of Poppler before version 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN...

Astra Linux - уязвимость в espeak-ng

It was discovered that Espeak-ng 1.52-dev contains a Floating Point Exception due to the use of the PeaksToHarmspect function in wavegen.c...

Astra Linux - уязвимость в firefox

A transient execution vulnerability, named Floating Point Value Injection FPVI, allowed attackers to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox. This vulnerability affect...

Auditing Apple'S DifferentialPrivacy.Framework: Implementation Bugs, Misconfigurations, and Practical Risks

Since 2016, Apple has claimed that device analytics collected to improve user experience are protected by differential privacy DP. Apple's DifferentialPrivacy.framework is deployed across its operating systems and handles sensitive signals such as Safari domains, keyboard events, photo attributes...

Fedora 42 : xen (2026-0c9aff64a5)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0c9aff64a5 advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017766)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017766 advisory. In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. Tenable has extracted the...