CVE-2026-31687 gpio: omap: do not register driver in probe()

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe Commit 11a78b794496 "ARM: OMAP: MPUIO wake updates" registers the omapmpuiodriver from omapmpuioinit, which is called from omapgpioprobe. However, it neither makes sense to register...

CVE-2026-30462

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

GHSA-JP4C-XJXW-MGF9 pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

cpython: Header injection in http.cookies.Morsel in Python

An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CVE-2026-6357

CVE-2026-6357 affects pip prior to 26.1, where a self-update check would run after wheel installation and could import recently installed Python modules. The root cause is that imports of certain well-known module names were deferred to speed up CLI startup, allowing a wheel install to trigger im...

EUVD-2026-25857

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

USN-8210-1 nginx vulnerabilities

It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2026-27651 It was discovered that the nginx ngxhttpdavmodule module incorrectly handled...

CVE-2026-31683

A flaw was found in the batman-adv module of the Linux kernel. This vulnerability arises when the Optimized Global Messaging OGM aggregation state is dynamically altered, leading to insufficient buffer space skb tailroom for network packets. A remote attacker could exploit this condition by sendi...

org.apache.camel.karaf:camel-pqc (>=4.14.5 <=4.18.1), org.apache.camel.quarkus:camel-quarkus-pqc (>=3.24.0 <=3.33.0) +2 more potentially affected by CVE-2026-40048 via org.apache.camel:camel-pqc (>=4.12.0 <=4.18.1)

org.apache.camel:camel-pqc MAVEN version =4.12.0, =4.14.5, =3.24.0, =3.24.0, =4.12.0, =4.18.1 Source cves: CVE-2026-40048 Source advisory: OSV:GHSA-V3VG-332R-MW99...

Exploit for CVE-2026-0911

CVE-2026-0911 — Hustle modül import PoC WordPress eklentisi...

FUEL CMS 路径遍历漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a path traversal vulnerability, which stems from path traversal in the Blocks module and could lead to directory traversal attacks...

EUVD-2026-25881

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

CVE-2026-30462

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

PT-2026-35493

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock condition exists in the GPIO OMAP driver. The omap mpuio driver was being registered within the omap gpio probe function. Because the driver core prohibits registering drivers...

PT-2026-35455

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

PT-2026-35435

Name of the Vulnerable Software and Affected Versions pip versions prior to 26.1 Description The self-update check functionality runs after installing wheel files, which requires importing well-known Python module names. These imports were deferred to improve the startup time of the pip CLI. This...

CVE-2026-30462

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...