WordPress WHMCS Bridge <6.4b - Cross-Site Scripting

WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard. id: CVE-2021-25112 info: name: WordPress WHMCS Bridge 6.4b - Cross-Site Scripting author:...

i-Panel Administration System 2.0 - Cross-Site Scripting

i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console. id: CVE-2021-41878 info: name: i-Panel Administration System 2.0 - Cross-Site Scripting author: madrobot severity: medium...

CVE-2026-10852

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

CVE-2026-10852

IBM i 7.3–7.6 and IBM WebSphere Application Server/Liberty are affected by CVE-2026-10852, a denial-of-service in the WebSphere WebServer Plug-in when crafted requests are sent. Root cause cited: NULL Pointer Dereference (CWE-476). CVSS 3.1 base score 5.9 (Network, High attack complexity, No priv...

CVE-2026-10852 IBM i is Affected By a Denial of Service in IBM WebSphere Application Server Liberty

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

CVE-2026-9072

CVE-2026-9072 affects IBM i (versions 7.3–7.6) with IBM WebSphere Application Server and WebSphere Application Server Liberty when using Intelligent Management with the WebSphere WebServer Plug-in. The issue arises when an attacker impersonates backend servers and sends crafted responses to the p...

CVE-2026-9072 IBM i is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when...

CVE-2026-8858 IBM i is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the applicatio...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Revert “f2fs: block cache/dio write during f2fsenablecheckpoint”. This revert commits 196c81fdd438f7ac429d5639090a9816abb9760a. The original patch might cause a deadlock; revert it. write remount - writebegin - lockpage --- lock ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: block: Do not revert the iterator for -EIOCBQUEUED. The blkdevreaditer function includes some unusual checks. For example, it gates the position and count adjustment based on whether the result is greater than or equal to zero...

Astra Linux – Vulnerability in uriparser

A issue was discovered in uriparser through 0.9.7. The ComposeQueryEngine in UriQuery.c has an integer overflow due to long keys or values, resulting in a buffer overflow...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: The issue of generating a order = MAXORDER warning due to an intentionally crafted negative isize has been fixed. As reported by syzbot 1, the root cause is that the isize field is a signed type, and a negative isize value...

CVE-2026-42487 x86 HVM I/O port list traversal

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

CVE-2026-0647

The 1794-AENTR adapter (Rockwell Automation FLEX I/O dual‑port EtherNet/IP) has an improper authentication flaw in its embedded web server. An unauthenticated attacker can change the device web interface password by sending a crafted HTTP GET request to a specific endpoint, without prior authenti...

CVE-2026-0646

The affected product is Rockwell Automation 1794-AENTR adapters (EtherNet/IP). The issue is a denial-of-service caused by improper memory handling of CIP protocol requests in the 1794-AENTR adapter, which can cause the device to fault and drop connections to its linked I/O modules, requiring a ma...

CVE-2026-7870

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2026-7870 IBM i is Affected by Privilege Escalation []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2026-45782

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

EUVD-2026-35870

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....