CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...

CVE-2026-23346

In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passes a 'pgprott' value determined from the user mapping of the target...

CVE-2026-23345 arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled

In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTESHARED on GCS mappings if FEATLPA2 is enabled When FEATLPA2 is enabled, bits 8-9 of the PTE replace the shareability attribute with bits 50-51 of the output address. The PAGEGCS,RO definitions include th...

WPProbe Plugin Enumeration Tool 0.11.2

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of user mapping reference counts, potentially leading to kernel warnings...

Malicious code in json-mapping-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3e27e1c4dcb0a7a03e552d242b6d13a6834ae89bf87382c9ff28d8e88820be8 The package json-mapping-token was found to contain malicious code...

MAL-2026-2368 Malicious code in json-mapping-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3e27e1c4dcb0a7a03e552d242b6d13a6834ae89bf87382c9ff28d8e88820be8 The package json-mapping-token was found to contain malicious code...

Malicious code in json-mapping-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45649188d792a4c0d12add7ece8a5f8bd1f35ea2478d963b75238249cc788de3 The package json-mapping-fetch was found to contain malicious code...

MAL-2026-2367 Malicious code in json-mapping-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45649188d792a4c0d12add7ece8a5f8bd1f35ea2478d963b75238249cc788de3 The package json-mapping-fetch was found to contain malicious code...

HCL Traveler 安全漏洞

HCL Traveler is a software developed by the Indian company HCL. It enables automatic, bidirectional, and wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from the leakage of sensitive information due to incorre...

K000160420: Linux kernel vulnerabilities CVE-2025-40154

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcrrt5640 driver only shows an error message but leaves as is. This may lead to...

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the isSSRFSafeURL function, which allowed bypassing IPv6 addresses using IPv4 mapping. This could lead to...

EUVD-2026-13857

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

EUVD-2026-13850

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-31926

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-28204

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-31926

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-31926

Technical details about CVE-2026-31926 are not publicly available in the provided documents. Monitor for updates from vendors and CSIRTs.

CVE-2026-28204

Technical details are not publicly available in the provided documents. The records only state that charging station authentication identifiers are publicly accessible via mapping platforms. Monitor for updates; no root cause or remediation details are provided here.

CVE-2026-28204 CTEK Chargeportal Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...