CVE-2026-24795 An Out-of-bounds Write in CloverHackyColor/CloverBootloader

Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules. This vulnerability is associated with program files regcomp.C. This issue affects CloverBootloader: before 5162...

CVE-2026-1465

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource thirdparty/faad2-2.7/libfaad modules. This vulnerability is associated with program files bits.C, syntax.C. This issue affects anyRTC-RTMP-OpenSource: before 1.0...

WordPress Hustle plugin <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upload via Module Import vulnerability

Authenticated Subscriber+ Arbitrary File Upload via Module Import vulnerability discovered by Williwollo CybrX in WordPress Plugin Hustle versions = 7.8.9.2...

MAL-2026-517 Malicious code in @afg-ikea/ikea-family-registration-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1ac39afe31e807b61c9297e45f81042917f9e889e1ceb953fcaeba093c75576 The package @afg-ikea/ikea-family-registration-module was found to contain malicious code. Source: ghsa-malware...

PT-2026-5042

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions 9.0.0 through 9.13.9 DNN formerly DotNetNuke versions 10.0.0 through 10.1.x Description DNN formerly DotNetNuke is an open-source web content management platform. A module friendly name can include scripts that...

PT-2026-4873

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in coolsnowwolf lede package/lean/mt/drivers/mt7603e/src/mt7603 wifi/common modules. This vulnerability is associated with program files bn lib.C. This issue affects lede: through r25.10.1...

PT-2026-4897

Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper src modules. This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1...

PT-2026-4875

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

PT-2026-4889

Integer Overflow or Wraparound vulnerability in swoole swoole-src thirdparty/hiredis modules. This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2...

PT-2026-4886

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inffast.C. This issue affects root...

PT-2026-5043

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 9.13.10 DNN formerly DotNetNuke versions prior to 10.2.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, the module title...

PT-2026-4927

VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative...

PT-2026-4913

A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...

UBUNTU-CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

Pix-Link LV-WR21Q code issue and vulnerability

The Pix-Link LV-WR21Q is a wireless router produced by the Chinese company Pix-Link. The Pix-Link LV-WR21Q has a code vulnerability, which stems from improper handling of the language module. This vulnerability could allow remote attackers to trigger a denial-of-service attack through a specially...

PT-2026-5039

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...

Multiple Vulnerabilities in Apache Kafka

Multiple Vulnerabilities addressed in Apache Kafka CVE-2023-25194 A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a...

UBUNTU-CVE-2026-22795

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005073)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005073 advisory. In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdttrigger When the cpu5wdt module is...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005145)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005145 advisory. In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructe...