CVE-2026-7209 Simple Link Directory <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...

EUVD-2026-26729

The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...

CVE-2026-7209 Simple Link Directory <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...

CVE-2026-7209

The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...

WordPress plugin Simple Link Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-36561

Name of the Vulnerable Software and Affected Versions Simple Link Directory versions prior to 8.9.3 Description The Simple Link Directory plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with contributor-level access or higher can inject arbitrary web...

Linux Distros Unpatched Vulnerability : CVE-2026-43052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is...

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

CVE-2026-43013

A flaw was found in the Linux kernel's net/mlx5 driver. An error in the mlx5lagdevaddmdev function can lead to the creation of debugfs entries without a valid LAG Link Aggregation Group context. This exposes interfaces that rely on a valid pointer, potentially leading to a NULL pointer dereferenc...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

EUVD-2026-26666

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

CVE-2026-43052

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...

WordPress Simple Link Directory plugin <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Simple Link Directory versions = 8.9.2...

CVE-2026-43052

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...

CVE-2026-43052

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...

CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...

CVE-2026-43052

CVE-2026-43052 fixes a Linux kernel mac80211 TDLS handling flaw: NL80211_TDLS_ENABLE_LINK could run TDLS-side effects on non‑TDLS peers. A kernel patch adds an early sta-&gt;sta.tdls check to ensure only true TDLS peers proceed, preventing unintended channel HT-protection changes. Remediation is ...

EUVD-2026-26651

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...

CVE-2026-31752 bridge: br_nd_send: validate ND option lengths

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: validate ND option lengths brndsend walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR option...

CVE-2026-31738

In the Linux kernel, the following vulnerability has been resolved: vxlan: validate ND option lengths in vxlannacreate vxlannacreate walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLAD...