SUSE CVE-2026-23395

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...

CVE-2026-20719 DoS via URL Previews Rendering Malicious SVGs

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID:...

CVE-2026-20719

CVE-2026-20719 affects Mattermost server/components that render external SVGs in link embeds across Mattermost 10.11.x–11.4.x (including 11.2.x, 11.3.x, 11.4.x). The root cause is failure to prevent rendering of external SVGs in embeds, enabling unauthenticated users to crash the web/desktop apps...

CVE-2026-23319

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. This use-after-free UAF vulnerability allows a local user to trigger a condition in the bpftrampolinelinkcgroupshim function where a resource is freed but still referenced. This can lead to a system crash, resulting in a...

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

CVE-2026-23807 WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through = 2.2.13...

CVE-2026-23807 WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through = 2.2.13...

CVE-2026-23807

The CVE-2026-23807 entry concerns the WordPress WP Telegram Widget and Join Link plugin up to version 2.2.13, which is affected by a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The issue affects WP Telegram Widget and J...

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVE-2026-20108

The CVE-2026-20108 affects Cisco Catalyst SD-WAN Manager’s web-based management interface. The issue is insufficient validation of user input , enabling an authenticated, remote attacker to entice a user to click a crafted link and trigger cross-site scripting . Successful exploitation could exec...

CVE-2025-40841

creationtimestamp| type| source ---|---|--- 2026-03-25 14:54:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvdscayn52z...

CVE-2025-27260

creationtimestamp| type| source ---|---|--- 2026-03-25 14:39:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvcxe66cv2g...

CVE-2026-23923

creationtimestamp| type| source ---|---|--- 2026-03-25 14:35:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhvcqd54ze2r...

CVE-2026-23920

creationtimestamp| type| source ---|---|--- 2026-03-25 14:35:06+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhvcqd54ze2r...

CVE-2026-2726

creationtimestamp| type| source ---|---|--- 2026-03-25 14:30:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhvchlod2p25 2026-03-25 18:34:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvq3vla4p2i 2026-03-26 03:00:00+00:00| seen|...

CVE-2026-3857

creationtimestamp| type| source ---|---|--- 2026-03-25 14:30:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhvchlod2p25 2026-03-25 16:17:09+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3857 2026-03-25 16:23:23+00:00| seen|...

CVE-2026-2995

creationtimestamp| type| source ---|---|--- 2026-03-25 14:30:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhvchlod2p25 2026-03-25 16:23:23+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-gitlab-community-edition-ce-e-enterprise-edition-ee-3 2026-03-25...

CVE-2025-13078

creationtimestamp| type| source ---|---|--- 2026-03-25 14:30:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhvchlod2p25 2026-03-25 18:44:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvqnsl7352n 2026-03-26 03:00:00+00:00| seen|...

CVE-2026-4397

creationtimestamp| type| source ---|---|--- 2026-03-25 14:30:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhvchgeqhw23...