Google Android suffers from unspecified vulnerability (CNVD-2026-14648)

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from improper input validation of the loadDescription function in DeviceAdminInfo.java, and can be exploited by an attacker to cause a local elevation of...

PT-2026-24113

vLLM is an inference and serving engine for large language models LLMs. The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load from url async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...

[SECURITY] Fedora 44 Update: coturn-4.9.0-1.fc44

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

CVE-2026-2371 Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load'

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...

EUVD-2018-21627

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2018-25172

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2018-25172 Pedidos 1.0 SQL Injection via load_proveedores.php

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2018-25172

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

PT-2026-23684

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/load proveedores.php endpoint with crafted SQL payloads to extract sensitiv...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005631 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: Fix memory leak in loadelfbinary There is a memory leak reported by kmemleak:...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the loadClusterProps function in the FileConfigStore component. An attacker can exfiltrate sensitive server files by setting imq.cluster.url to an arbitrary local path e.g., file:///etc/passwd and then running...

[SECURITY] Fedora 42 Update: coturn-4.9.0-1.fc42

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

[SECURITY] Fedora 43 Update: coturn-4.9.0-1.fc43

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

bws-web-server (>=0.1.0 <=0.1.1), pingora (>=0.1.0 <=0.6.0) +6 more potentially affected by CVE-2026-2833 via pingora-core (>=0.1.1 <=0.6.0)

pingora-core CARGO version =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.7 - revoke-gateway =0.3.0 - static-files-module =0.1.0 Source cves: CVE-2026-2833 Source advisory: OSV:RUSTSEC-2026-0033...

CVE-2026-2732

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

CVE-2025-48645

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-62814

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of fthandle in loadfwutcvector causes a denial of service...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005540)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005540 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journalreset...

OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs

Summary In sandboxed runs, native prompt image auto-load did not honor tools.fs.workspaceOnly=true. This optional hardening setting is not enabled by default. When operators enabled it, prompt text could still reference mounted out-of-workspace image paths for example /agent/secret.png and load...

Blockchain Communication Vulnerabilities

Blockchains are diverse in the way they handle communications between their nodes to disseminate information, mitigate attacks, and agree on the next block. While security vulnerabilities have been identified, they rely on an attack custom-made for a specific blockchain communication protocol. To...