PT-2026-50109

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

CVE-2026-48972

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: Support for ETHPTR8022 has been removed. The syzbot reported a bug related to uninit-values. 0 llc previously supported ETHP8022 0x0004 and also ETHPTR8022 0x0011. The syzbot exploited this to trigger the bug. The code us...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel before version 5.17.1, a refcount leak bug was discovered in the net/llc/afllc.c file...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: A test for maclen should be performed before reading the MAC header. The LLC layer reads the MAC header using ethhdr, without verifying that the skb contains an Ethernet header. Syzbot was able to access the llcrcv functi...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: llc: Makes llcuisendmsg more robust against changes related to bonding. syzbot was able to exploit llcuisendmsg, allocating a skb without sufficient headroom, and then attempting to append 14 bytes of Ethernet header information...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: Calling sockorphan at the release time syzbot reported an interesting trace 1 caused by a stale pointer to sk-skwq in a closed llc socket. In the commit ff7b11aa481f "net: socket: setting sock-sk to NULL after calling...

EUVD-2026-25220

Improper Control of Generation of Code 'Code Injection' vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013543)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013543 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smcllcsrvaddlink There is a certain chance to...

200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin

On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to delete arbitrary files, including the wp-config.php...

CVE-2026-30279

An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

PT-2026-29301

Name of the Vulnerable Software and Affected Versions UXGROUP LLC Cast to TV Screen Mirroring version 2.2.77 Description A file overwrite issue exists in UXGROUP LLC Cast to TV Screen Mirroring version 2.2.77. Attackers can overwrite critical internal files through the file import process. This...

CVE-2026-30284

CVE-2026-30284 affects UXGROUP LLC Voice Recorder v10.0. The issue is an arbitrary file overwriting vulnerability during the file import process, allowing attackers to overwrite internal files and potentially trigger arbitrary code execution or information exposure. The available documents state ...

CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

PT-2026-20714

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000598)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000598 advisory. The llcuirecvmsg function in net/llc/afllc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002711 advisory. The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002204)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002204 advisory. net/llc/sysctlnetllc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002022)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002022 advisory. net/llc/sysctlnetllc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003107)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003107 advisory. The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a...