SUSE-SU-2026:21102-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: - CVE-2025-40159: xsk: Harden userspace-supplied xdpdesc validation bsc1253404. - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken...

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2025-15441 Form Maker < 1.15.38 - SQL Injection

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2025-15441 Form Maker < 1.15.38 - SQL Injection

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2025-15441

The CVE concerns the WordPress plugin Form Maker by 10Web. Versions prior to 1.15.38 expose a SQL Injection risk due to improper preparation of SQL queries when the MySQL Mapping feature is used. Affected product: Form Maker by 10Web (WordPress plugin); vulnerable component: SQL query handling wi...

WPProbe Plugin Enumeration Tool 0.11.8

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

PT-2026-32277

Name of the Vulnerable Software and Affected Versions The Form Maker by 10Web WordPress plugin versions prior to 1.15.38 Description Improper preparation of SQL queries occurs when the "MySQL Mapping" feature is active, which may enable SQL Injection attacks in certain contexts. Recommendations...

Linux Distros Unpatched Vulnerability : CVE-2026-40199

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from...

ALPINE-CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CVE-2026-29923

The pstrip64.sys driver in EnTech Taiwan PowerStrip =3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures...

WPProbe Plugin Enumeration Tool 0.11.6

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

EUVD-2026-21014

The pstrip64.sys driver in EnTech Taiwan PowerStrip =3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures...

cybersentinel-agent

CyberSentinel Agent Defensive cybersecurity agent framework w...

CVE-2026-29923

The CVE relates to EnTech Taiwan PowerStrip ≤ 3.90.736 where the pstrip64.sys kernel driver exposes IOCTL 0x80002008 that, without proper checks, maps arbitrary physical memory into an unprivileged process via \Device\PhysicalMemory/ZwMapViewOfSection. This creates an unrestricted physical memory...

CVE-2026-39409

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction does not canonicalize IPv4-mapped IPv6 client addresses e.g. ::ffff:127.0.0.1 before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause...

CVE-2026-39575

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...

CVE-2026-39575

CVE-2026-39575 affects the WordPress plugin “Custom Query Blocks” (Ronald Huereca) for the post-type-archive-mapping feature, with DOM-based XSS caused by improper neutralization of input during web page generation. Affected versions are

PT-2026-31162

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...

xibocms 3.3.4 - RCE

Exploit Title: XiboCMS 3.3.4- Remote Code Execution Google Dork: N/A Date: 2025-11-18 Exploit Author: complexusprada Vendor Homepage: https://xibo.org.uk/ Software Link: https://github.com/xibosignage/xibo-cms Version: 1.8.0 - 2.3.16, 3.0.0 - 3.3.4 Tested on: Ubuntu Linux Docker, Xibo CMS 3.3.4...