8992 matches found
Security Bulletin: Multiple Vulnerabilities in bcprov package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include bcprov library, which is susceptible to use of broken cryptographic algorithm, Improper neutralization, covert timing channel vulnerabilities CVE-2025-14813, CVE-2026-0636, CVE-2026-5598...
CVE-2026-56008
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
CVE-2026-56008 WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
CVE-2026-56008
CVE-2026-56008 affects WordPress Fusion Builder plugin versions
EUVD-2026-39685
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
PT-2026-52739
Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A privilege escalation issue exists that allows a user with Contributor permissions to elevate their privileges. Recommendations Update to a version newer than 3.15.4...
CVE-2026-53143
A flaw was found in the Linux kernel's AMD KFD Kernel Fusion Driver component. This buffer overflow vulnerability occurs due to incorrect memory buffer handling during CRIU Checkpoint/Restore in User-space operations on SDMA System Direct Memory Access queues. A local attacker can exploit this fl...
Security Bulletin: Multiple Vulnerabilities in cryptography bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include the cryptography library, which is vulnerable to a critical buffer overflow and an improper certificate validation flaw. A classic buffer overflow vulnerability exists when non-contiguous...
Oracle WebCenter Portal (June 2026 CSPU)
The 12.2.1.4.0 and 14.1.2.0.0 versions of WebCenter Portal installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Security Framework. Supporte...
CVE-2026-10789
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...
CVE-2026-10789 MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...
CVE-2026-10789
Summary: CVE-2026-10789 is a code-injection vulnerability in the MCP extension for Autodesk Fusion Desktop. A malicious webpage visited by a user with Fusion Desktop running and MCP enabled can trigger arbitrary code execution with the current user’s privileges. The CVSS 3.1 score is 9.6 (CRITICA...
EUVD-2026-38328
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...
CVE-2026-10789
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...
PT-2026-51360
Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...
Astra Linux – Vulnerability in Linux 5.15
A NULL pointer dereference flaw was discovered in the Linux kernel’s AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system...
CVE-2026-8713
The Avada Fusion Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybedeletefiles function in all versions up to, and including, 3.15.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
CVE-2026-8713
CVE-2026-8713 affects the Avada (Fusion) Builder plugin for WordPress, specifically versions up to 3.15.3. The root cause is insufficient file path validation in the maybe_delete_files() function, which builds file paths via simple string replacement without realpath containment checks. An unauth...
Oracle Coherence (June 2026 CPU)
The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of Coherence installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported...
WordPress Avada (Fusion) Builder plugin <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability
Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.3...