268 matches found
EUVD-2026-27705
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxrproc: Fix invalid loaded resource table detection imxrprocelffindloadedrsctable may incorrectly report a loaded resource table even when the current firmware does not provide one. When the device tree contains a...
CVE-2026-43145
The CVE-2026-43145 issue is in the Linux kernel remoteproc imx_rproc driver. The function imx_rproc_elf_find_loaded_rsc_table() could incorrectly report a loaded resource table when the firmware provided no resource table, because it returning priv->rsc_table even if rproc->table_ptr was NU...
CVE-2026-4139
The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the computepost function, which processes settings updates. The computepost function is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013842)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013842 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40EVFSTATEACTIVE is not the only stat...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011410)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011410 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40EVFSTATEACTIVE is not the only stat...
CVE-2026-4748
A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...
CVE-2026-4748 pf silently ignores certain rules
A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...
bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded
...
CVE-2026-23310
In the Linux kernel, the following vulnerability has been resolved: bpf/bonding: reject vlan+srcmac xmithashpolicy change when XDP is loaded bondoptionmodeset already rejects mode changes that would make a loaded XDP program incompatible via bondxdpcheck. However, bondoptionxmithashpolicyset has ...
Exploit for Heap-based Buffer Overflow in Microsoft
CVE-2024-30051 — Windows DWM Heap Overflow EoP · Master's Thes...
FreeBSD Security Advisory - FreeBSD-SA-26:09.pf
FreeBSD Security Advisory - pf silently ignores certain rules. A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is...
WordPress Autoptimize plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability discovered by stealthcopter in WordPress Plugin Autoptimize versions = 3.1.14...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005540)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005540 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journalreset...
Vivo SmartRemote 安全漏洞
Vivo SmartRemote is a mobile remote control app developed by the Chinese company Vivo. There is a security vulnerability in Vivo SmartRemote, which stems from insufficient restrictions on loaded URLs, potentially leading to information leakage...
CVE-2025-71242
SPIP exposes an Authorization Bypass in private content disclosure for versions prior to 4.3.6, including 4.2.17 and 4.1.20. The flaw occurs when SPIP displays article and rubrique content in AJAX-loaded fragments without proper authorization checks, enabling an authenticated attacker to access r...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: i40e: fixed the validation of VF state in the get resources function. The state I40EVFSTATEACTIVE is not the only state in which a VF is actually active. Therefore, it should not be used to determine whether a VF is allowed to...
PT-2026-27675
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the bonding driver where changes to the xmit hash policy to vlan+srcmac are not properly restricted when an XDP program is loaded. Specifically, the...
A Statistical Side-Channel Risk Model for Timing Variability in Lattice-Based Post-Quantum Cryptography
Timing side-channels are an important threat to cryptography that still needs to be addressed in implementations, and the advent of post-quantum cryptography raises this issue because the lattice-based schemes may produce secret-dependent timing variability with the help of complex arithmetic and...
PT-2025-52434
A stored cross-site scripting XSS vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud pdfonline.foxit.com. The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result,...
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter...