CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()

...

SUSE CVE-2026-46196

In the Linux kernel, the following vulnerability has been resolved: tracepoint: balance regfunc on funcadd failure in tracepointaddfunc When a tracepoint goes through the 0 - 1 transition, tracepointaddfunc invokes the subsystem's ext-regfunc before attempting to install the new probe via funcadd...

CVE-2026-46196

In the Linux kernel, the following vulnerability has been resolved: tracepoint: balance regfunc on funcadd failure in tracepointaddfunc When a tracepoint goes through the 0 - 1 transition, tracepointaddfunc invokes the subsystem's ext-regfunc before attempting to install the new probe via funcadd...

CVE-2026-46196

In the Linux kernel, the following vulnerability has been resolved: tracepoint: balance regfunc on funcadd failure in tracepointaddfunc When a tracepoint goes through the 0 - 1 transition, tracepointaddfunc invokes the subsystem's ext-regfunc before attempting to install the new probe via funcadd...

Ettercap 安全漏洞

Ettercap is an open-source suite designed to protect against man-in-the-middle attacks. It features sniffing of real-time connections and dynamic content filtering. Versions of Ettercap prior to 0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from improper parameter handli...

EUVD-2025-209885

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

PT-2026-41373

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

CVE-2025-67031

ORSEE 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values starting with the prefix "func:" , which are passed directly into an eval() call inside tagsets/participant.php and tagsets/o...

PT-2026-39063

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the kthread component. When a kthread exits via make task dead, it bypasses kthread exit, causing the affinity node cleanup to be missed. Consequently,...

Astra Linux – Vulnerability in node-get-func-name

get-func-name is a module that securely and consistently retrieves the name of a function, both in Node.js and in the browser. Versions prior to 2.0.1 are vulnerable to a denial-of-service attack caused by regular expressions, which can lead to a denial of service when parsing malicious input. Th...

CVE-2026-31726

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

Cockpit is vulnerable to arbitrary code execution

Cockpit versions 2.13.5 and earlier are vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

PT-2026-35924

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

CVE-2026-40333

Libgphoto2 (up to v2.5.33) suffers an out‑of‑bounds read in camlibs/ptp2/ptp-pack.c: ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx() read data without a length check due to a missing parameter, with callers in ptp_unpack_EOS_events() not passing xsize. This unbounded read can lead ...

WordPress plugin OPEN-BRAIN 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

OESA-2026-1726 libxslt security update

Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...

PT-2026-27012

A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer id/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...