CVE-2026-6741

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

SUSE SLED15 / SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2079-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2079-1 advisory. This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when...

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

SUSE-SU-2026:2079-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

Exploit for CVE-2026-5229

CVE-2026-5229 CVE-2026-5229: Form Notify Auth Bypass via LINE...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Optimized module load time by optimizing PLT/GOT counting. When CONFIGKASAN, CONFIGPREEMPTVOLUNTARYBUILD, and CONFIGPREEMPTVOLUNTARY are enabled simultaneously, a soft deadlock may occur. The relevant logs are as...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommu: Cleansing of iommu-dma operations during cleanup. If iommudeviceregister encounters an error, it may result in tearing down already-configured groups and default domains. However, this still leaves devices connected to...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from cross-session verification proofs, which rely solely on local user IDs and IdP aliases without binding actual verified upstream identities. This...

Malicious code in aurapro-ui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cace553d74971e3660a0a7095662488f531348ba3e756696da5ff0ef9645ab22 The PyPI package aurapro-ui installs its code under the Python import namespace openwebui/ and registers two console scripts in entrypoints.txt —...

SUSE CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

Public Voting Records: A Record, or an Attack Surface?

This is a whitepaper discussing a formal methodology for auditing voter-file disclosure regimes against linkage attacks...

HackerSignal: A Large-Scale Multi-Source Dataset Linking Hacker Community Discourse to the CVE Vulnerability Lifecycle

We introduce HackerSignal, a benchmark for temporal out-of-distribution cyber threat intelligence CTI and cross-source CVE linkage. HackerSignal aggregates 7.45 million exact-deduplicated documents from 64 public forum/source identifiers spanning eight source layers and a 36-year window 1990-2026...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handles PLTs. Sometimes it is necessary to use a PLT entry to call a ftrace trampoline. This is handled by ftracemakecall and ftracemakenop, both of which have almost identical logic. However, this iss...

EUVD-2026-25910

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013757 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount Li Huafei reports that mcount-based ftrace with module...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013796)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013796 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidde...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011068)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011068 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount Li Huafei reports that mcount-based ftrace with module...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

CVE-2026-33665

n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...