54709 matches found
CVE-2026-23119
In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to __skb_flow_dissect. After 3cbf4ffba5ee ("net: plumb network namespace into __skb_flow_dissect") we have to provide a net pointer to __skb_flow_dissect, either via skb->dev, skb->sk, or a user provided pointer. In...
CVE-2025-40905
WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...
CVE-2026-26056
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient protection in the netdevsim module regarding operations on the bpf_bound_progs list. Th...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an incorrect update of the last_gc value in the nf_conncount module. This vulnerability may lead to an...
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-21878 BACnet Stack Improperly Limits Pathnames to a Restricted Directory
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...
Malicious code in wropz-6module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b88cb695572ff176899ffcf9aed27987ea204493850e0bf4b17537d50b93dd59 The package wropz-6module was found to contain malicious code. Source: ghsa-malware 38cd1d5c8154310330369a075368b8556bcffed70470476c894f5d4feb1a2bae...
Malicious Package
Overview wropz-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in wropz-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48a8b0a5b3f12323a6bbc3014fa023b370236b8874253a47ed61930d4bbcee4d The package wropz-module was found to contain malicious code. Source: ghsa-malware fbe5a4f55692f6a9db6c052776dc2fcfd3825f7da077f3e45b67466cd4059bd0 A...
MAL-2026-892 Malicious code in wropz-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48a8b0a5b3f12323a6bbc3014fa023b370236b8874253a47ed61930d4bbcee4d The package wropz-module was found to contain malicious code. Source: ghsa-malware fbe5a4f55692f6a9db6c052776dc2fcfd3825f7da077f3e45b67466cd4059bd0 A...
OESA-2026-1336 gnupg2 security update
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...
CVE-2026-23856
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...
Xerte Online Toolkits 3.14 Upload Image Shell Upload
This Metasploit module exploits the user template file import functions unrestricted file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is Db...
CVE-2025-70091
A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter...
Dell iDRAC Service Module (iSM) < 5.4.1.1 / 6.0.3.1 Elevation of Privilege (DSA-2026-077)
According to its self-reported version, the Dell iDRAC Service Module (iSM) installation on the remote Windows host is affected by an improper access control vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability to gain elevated privileges on the...
CVE-2025-40905 WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions
WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...
CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...