UBUNTU-CVE-2026-33376
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc. are unaffected here...
CVE-2025-14910 Edimax BR-6208AC FTP Daemon Service handle_retr path traversal
A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is...
Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library
Summary: A bypass vulnerability where, despite CVE-2024-38820 ensuring Locale-independent lowercase conversion for disallowedFields patterns and request parameter names, there are still cases where it is possible to bypass the disallowedFields checks. Vulnerability Details: CVEID: CVE-2025-22233...
EUVD-2020-28341
Malware in sbrugna...
EUVD-2024-0913
Malicious code in bioql PyPI...
WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability
Remote Code Execution (RCE) Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine (versions <= 3.7.0)...
Exploit for CVE-2025-30208
CVE-2025-30208 Vite Arbitrary File Read vulnerability 🌌 Here'...
Exploit for CVE-2025-49113
CVE-2025-49113 – Post-Auth Remote Code Execution in Roundcube...
CVE-2025-6020
A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Mitigation: Disable the pam_namespace module if it is not essential for...
CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. Mitigation: Mitigation for this issue is either not...
CVE-2025-49796
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
WordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) Vulnerability
Remote Code Execution (RCE) Vulnerability discovered by ch4r0n (Patchstack Alliance) in WordPress Plugin Widget Logic (versions <= 6.0.5)...
CVE-2025-49128
A flaw was found in the Jackson-core JsonLocation._appendSourceDesc method. This vulnerability allows up to 500 bytes of unintended memory content to be included in exception messages. This issue may lead to unintended information disclosure. Mitigation: If upgrading is not immediately possible,...
WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (versions <= 2.4.37)...
WordPress MasterStudy LMS Pro plugin <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin MasterStudy LMS Pro (versions <= 4.7.0)...
CVE-2023-45206
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). Adding an adequate message to avoid malicious code will mitigate this issue...
WordPress Goodlayers Hostel plugin <= 3.1.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin Goodlayers Hostel (versions <= 3.1.4)...
CVE-2025-32421 Next.js Race Condition to Cache Poisoning
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
WordPress Meta Keywords & Description plugin <= 0.8 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Meta Keywords & Description (versions <= 0.8)...
WordPress Flynax Bridge plugin <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by kr0d in WordPress Plugin Flynax Bridge (versions <= 2.2.0)...