75 matches found

NVD
added 2026/05/23 12:17 p.m. | 12 views

CVE-2026-43503

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers. Two frag-transfer helpers, __pskb_copy_fclone() and skb_shift(), fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to...

CVSS 8.8 | EPSS 0.00013
Exploits 0 | References 8

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: acpi: nfit: fixed the narrowing conversion in acpi_nfit_ctl. Syzkaller reported a warning in to_nfit_bus_uuid: “Only secondary bus families can be translated.” This warning is emitted if the argument equals NVDIMM_BUS_FAMILY_NFIT == 0...

CVSS 5.5 | AI score 6.5 | EPSS 0.00025
Exploits 0 | References 2

NVD
added 2026/04/21 3:16 p.m. | 1 view

CVE-2026-31018

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVSS 8.8 | EPSS 0.00049
Exploits 0 | References 2

CNNVD
added 2026/04/09 12:0 a.m. | 4 views

Juniper Networks Junos OS SRX code issue vulnerability

Juniper Networks Junos OS SRX is a network operating system specifically designed for hardware devices used by Juniper Networks. This operating system provides secure programming interfaces and the Junos SDK. There are code vulnerabilities in Juniper Networks Junos OS on SRX1600, SRX2300, and...

CVSS 6.8 | AI score 5.9 | EPSS 0.00017
Exploits 0 | References 1

CNNVD
added 2026/03/17 12:0 a.m. | 3 views

HCL Sametime security vulnerability

HCL Sametime is a conference solution developed by the Indian company HCL. HCL Sametime has a security vulnerability, which stems from incomplete server-side verification. This vulnerability could allow attackers to bypass client input checks by sending manipulated HTTP requests directly to the...

CVSS 2.7 | AI score 5.8 | EPSS 0.00063
Exploits 0 | References 1

CVE
added 2026/03/10 4:7 p.m. | 3 views

CVE-2026-25570

The CVE-2026-25570 entry identifies a stack overflow in the SICAM SIAPP SDK prior to version 2.1.7 due to insufficient input value checks, allowing local code execution and denial of service. Affected: SICAM SIAPP SDK (all versions

CVSS 7.8 | AI score 6.2 | EPSS 0.00019
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2026/03/09 12:0 a.m. | 0 views

RHEL 8 : postgresql:15 (RHSA-2026:4059)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4059 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of...

CVSS 8.8 | AI score 6.3 | EPSS 0.00059
Exploits 3 | References 8

CNNVD
added 2026/01/24 12:0 a.m. | 2 views

WordPress plugin GZSEO has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.7 | EPSS 0.00016
Exploits 0 | References 3

OSV
added 2026/01/22 4:8 p.m. | 2 views

SUSE-SU-2026:0256-1 Security update for openldap2_5

This update for openldap2_5 fixes the following issues: Security fixes: - CVE-2026-22185: Fixed possible crash in malicious DB (bsc#1256297) Other fixes: - Update to version 2.5.20+11: ITS#10421 mdb_load: check for malicious input...

CVSS 4.6 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 3

CNNVD
added 2025/12/11 12:0 a.m. | 3 views

TeamViewer DEX Client security vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in TeamViewer DEX Client that stems from improper input validation and could lead to remote execution of arbitrary commands...

CVSS 7.2 | AI score 6.8 | EPSS 0.00063
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-8733

Malware in sbrugna...

CVSS 7.6 | AI score 7.5 | EPSS 0.0035
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-24153

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.00418
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-24152

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.00418
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-30260

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.7 | EPSS 0.0006
Exploits 0 | References 4

CNNVD
added 2025/10/03 12:0 a.m. | 1 view

Cursor security vulnerability

Cursor is an AI code editor from Cursor Open Source. A security vulnerability exists in Cursor 1.6.23 and earlier versions, which stems from insufficient case-sensitive checking and could lead to remote code execution...

CVSS 9.8 | AI score 7.6 | EPSS 0.00251
Exploits 0 | References 1

CNNVD
added 2025/09/26 12:0 a.m. | 1 view

WordPress plugin Zephyr Project Manager cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...

CVSS 4.4 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 2

CNNVD
added 2025/09/16 12:0 a.m. | 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a lack of input checking for md/maxreaderrors, which could lead to an integer overflow...

CVSS 5.5 | AI score 6 | EPSS 0.0002
Exploits 0 | References 10

Positive Technologies
added 2025/09/11 12:0 a.m. | 1 view

PT-2025-37179

Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2 Description: The Online Fire Reporting System contains a stored cross-site scripting XSS issue. The lack of proper validation of user inputs for the remark, status, and takeaction parameters via POST...

CVSS 5.4 | AI score 5.5 | EPSS 0.00048
Exploits 0 | References 4

Github Security Blog
added 2025/08/21 2:47 p.m. | 6 views

sha.js is missing type checks leading to hash rewind and passing on crafted data

Summary This is the same as GHSA-cpq7-6gpm-g9rc but just for sha.js, as it has its own implementation. Missing input type checks can allow types other than a well-formed Buffer or string, resulting in invalid values, hanging and rewinding the hash state including turning a tagged hash into an...

CVSS 9.1 | AI score 6.2 | EPSS 0.0006
Exploits 1 | References 7 | Affected Software 1

RedhatCVE
added 2025/07/20 3:50 p.m. | 5 views

CVE-2025-53888

RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with assert that can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against...

CVSS 9.8 | AI score 8.5 | EPSS 0.01033
Exploits 1 | References 1