CVE-2026-32890

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

CVE-2025-55276 HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability

HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout...

CVE-2025-55276

CVE-2025-55276 concerns HCL Aftermarket DPC and an Internal IP Disclosure issue. Public documents describe an ability for an attacker to obtain a clearer map of an organization’s network layout, potentially aiding further attacks. NVD lists CVSS v3.1 base score 5.3 (Network vector, Low confidenti...

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...

EVerest 竞争条件问题漏洞

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a race condition vulnerability, which was caused by data competition and could lead to mapping or queue corruption...

WPProbe Plugin Enumeration Tool 0.11.3

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

GHSA-Q537-8FR5-CW35 Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...

SUSE CVE-2026-23346

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service (CVE-2026-32874, CVE-2026-32875)

Summary Python module UltraJSON is used by IBM App Connect Enterprise Certified Container by the mapping assistance component. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch...

EUVD-2026-15372

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose When a process forks, the child process copies the parent's VMAs but the usermapped reference count is not incremented. As a result, when both the parent and child processes exit,...

EUVD-2026-15313

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...

CVE-2026-23361

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dwpcieepraisemsixirq to raise an MSI-X interrupt to the host using a writel, which generates a PCI posted write transaction. There's no completio...

CVE-2026-23346

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...

CVE-2026-23361

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dwpcieepraisemsixirq to raise an MSI-X interrupt to the host using a writel, which generates a PCI posted write transaction. There's no completio...

CVE-2026-23345

In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTESHARED on GCS mappings if FEATLPA2 is enabled When FEATLPA2 is enabled, bits 8-9 of the PTE replace the shareability attribute with bits 50-51 of the output address. The PAGEGCS,RO definitions include th...

CVE-2026-23346

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...

UBUNTU-CVE-2026-23346

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...

UBUNTU-CVE-2026-23380

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose When a process forks, the child process copies the parent's VMAs but the usermapped reference count is not incremented. As a result, when both the parent and child processes exit,...

CVE-2026-23346

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...

CVE-2026-23346

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...