CVE-2026-30363

flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a TOCTOU race condition in the tpacketsnd function’s mmap d vnethdr operation. This vulnerability...

PT-2026-36374

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The tegra crypto driver fails to set the CRYPTO ALG ASYNC flag on its asynchronous algorithms. This causes the crypto API to incorrectly select these algorithms for users requesting only...

PT-2026-36358

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the usb gadget f subset component where the net device is allocated during function instance creation and registered during the bind phase with the gadget device as it...

CVE-2026-37538

Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted busname...

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

EUVD-2026-26705

flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function...

PT-2026-36534

Name of the Vulnerable Software and Affected Versions Flipperzero firmware affected versions not specified Description A stack overflow exists in the Main function, which allows attackers to execute arbitrary code. This issue is currently being exploited in real-world incidents. Recommendations A...

PT-2026-36483

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsf sess find by ipv6prefix of the file /src/bsf/context.c of the component BSF. This manipulation of the argument ipv6Prefix causes denial of service. It is possible to initiate the attack remotely. The exploit has bee...

PT-2026-36322

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...

CVE-2026-42475

MixPHP Framework 2.x (up to 2.2.17) is affected by an SQL injection vulnerability in BuildHelper.php (joinOn) triggered by a crafted on array in BuildHelper.php. Root cause is unsafe handling of input in the join condition, enabling an attacker to affect the database query, with the reported CVSS...

PT-2026-36416

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The drm compat ioctl path accepts a user-controlled pointer and dereferences it into a table of function pointers. This pattern is characteristic of Spectre problems, which are...

WordPress plugin Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2026-26676

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

PT-2026-36512

Name of the Vulnerable Software and Affected Versions socketcand version 0.4.2 Description A buffer overflow occurs in the main function within the socketcand.c file. This issue allows attackers to cause a denial of service or other unspecified impacts by using a crafted bus name variable...

PT-2026-36361

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition in the USB gadget UVC USB Video Class component can lead to a NULL pointer dereference. During power management transitions, the wait event interruptible timeout functio...

PT-2026-36396

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the mpu3050 gyro driver. This occurs because the iio device register function is not called at the end of the probe function. Recommendations Move the iio devi...

PT-2026-36520

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service can be triggered in the AMF component. The issue exists within the amf nsmf pdusession handle update sm context function located in the /src/amf/nsmf-handler.c file...

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

PT-2026-36548

Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A remote cross-site scripting issue exists in the Slide Generator component. The problem occurs within the data.get function of the...