5940 matches found
kernel: md/bitmap: fix GPF in write_page caused by resize race
A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...
CVE-2026-12955
The CVE-2026-12955 entry describes a vulnerability in the GDPR Cookie Consent plugin for WordPress (versions up to 4.3.6) where missing capability checks and nonce verification in the gdpr_cookie_consent_ajax_save_schedule_scan() function (wp_ajax_gcc_save_schedule_scan) allow authenticated users...
WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...
WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Scan Schedule Modification vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...
EUVD-2026-42562
The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...
tomcat11-11.0.23-1.1 on GA media (moderate)
tomcat11-11.0.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:11195-1 Rating: moderate Cross-References: CVE-2026-50229 CVE-2026-53404 CVE-2026-53434 CVE-2026-55276 CVE-2026-55955 CVE-2026-55956 CVSS scores: CVE-2026-50229 SUSE : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2026-5022...
PT-2026-56861
Name of the Vulnerable Software and Affected Versions openSUSE Tumbleweed suricata package versions prior to 8.0.5-2.1 Description A UNIX Symbolic Link Symlink Following issue exists where the suricata user can escalate privileges to root. A symlink is a special type of file that serves as a...
OPENSUSE-SU-2026:11195-1 tomcat11-11.0.23-1.1 on GA media
These are all security issues fixed in the tomcat11-11.0.23-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11185-1 gi-docgen-2026.1-1.1 on GA media
These are all security issues fixed in the gi-docgen-2026.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11191-1 python313-lxml_html_clean-0.4.5-1.1 on GA media
These are all security issues fixed in the python313-lxmlhtmlclean-0.4.5-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11186-1 helm-4.2.2-2.1 on GA media
These are all security issues fixed in the helm-4.2.2-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-14737
A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...
CVE-2026-14737
A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...
PT-2026-55785
Name of the Vulnerable Software and Affected Versions Hanwang e-Face General Management Platform version 6.3.5.4 Description A SQL injection issue exists in the /sysAuthStr/querySysAuthStr.do endpoint. This occurs when the manipulation of the argument order allows a remote attacker to execute...
OPENSUSE-SU-2026:11184-1 chromedriver-150.0.7871.46-1.1 on GA media
These are all security issues fixed in the chromedriver-150.0.7871.46-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11182-1 clamav-1.5.3-1.1 on GA media
These are all security issues fixed in the clamav-1.5.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11172-1 dnsmasq-2.93-2.1 on GA media
These are all security issues fixed in the dnsmasq-2.93-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11176-1 kitty-0.47.4-2.1 on GA media
These are all security issues fixed in the kitty-0.47.4-2.1 package on the GA media of openSUSE Tumbleweed...
Progress LoadMaster API command injection
Added: 07/02/2026 CVE: CVE-2026-8037 Background LoadMaster is delivery and security application with cloud-native, virtual and hardware load balancers. Problem A command injection vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted API request. Resolutio...
OPENSUSE-SU-2026:11178-1 openQA-5.1782995932.ffeb09be-1.1 on GA media
These are all security issues fixed in the openQA-5.1782995932.ffeb09be-1.1 package on the GA media of openSUSE Tumbleweed...