CVE-2026-48972

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: Made llcuisendmsg more robust against changes related to bonding. syzbot was able to exploit llcuisendmsg, allocating an skb without sufficient headroom, and then attempting to append 14 bytes of Ethernet header...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: Call to sockorphan at the release time. syzbot reported an interesting trace 1 caused by a stale sk-skwq pointer in a closed llc socket. In the commit ff7b11aa481f “net: socket: set sock-sk to NULL after calling...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel before version 5.17.1, a refcount leak bug was discovered in the net/llc/afllc.c file...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: A test for maclen should be performed before reading the MAC header. The LLC layer reads the MAC header using ethhdr, without verifying that the skb contains an Ethernet header. The Syzbot exploit was able to execute the...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: Support for ETHPTR8022 has been removed. syzbot reported a bug related to uninit-values. 0 llc supports ETHP8022 0x0004 and previously also supported ETHPTR8022 0x0011. syzbot exploited ETHPTR8022 to trigger the bug. The...

EUVD-2026-25220

Improper Control of Generation of Code 'Code Injection' vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013543)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013543 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smcllcsrvaddlink There is a certain chance to...

200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin

On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to delete arbitrary files, including the wp-config.php...

CVE-2026-30279

An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

PT-2026-29301

Name of the Vulnerable Software and Affected Versions UXGROUP LLC Cast to TV Screen Mirroring version 2.2.77 Description A file overwrite issue exists in UXGROUP LLC Cast to TV Screen Mirroring version 2.2.77. Attackers can overwrite critical internal files through the file import process. This...

CVE-2026-30284

CVE-2026-30284 affects UXGROUP LLC Voice Recorder v10.0. The vulnerability is an arbitrary file overwrite via the file import process, allowing overwriting of critical internal files. This can lead to arbitrary code execution or information exposure as described in the NVD/CVE listings. No specif...

CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

PT-2026-20714

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000598)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000598 advisory. The llcuirecvmsg function in net/llc/afllc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002429)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002429 advisory. The llcuirecvmsg function in net/llc/afllc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002456)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002456 advisory. The llcuirecvmsg function in net/llc/afllc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002204)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002204 advisory. net/llc/sysctlnetllc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003107)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003107 advisory. The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002711 advisory. The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a...