CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...

CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

USN-8360-1 sslh vulnerability

It was discovered that sslh did not properly handle symbolic links when writing its PID file. A local attacker could possibly use this issue to overwrite arbitrary files...

Missing Authorization

Overview @vitest/ui is an UI for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connecting to an exposed...

Missing Authorization

Overview @vitest/browser is a Browser running for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connectin...

Missing Authorization

Overview vitest is a Next generation testing framework powered by Vite Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshot...

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVE-2026-35671

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...

GHSA-PGXQ-P76C-X9CG formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches 2.2.21, 3.1.26 Workarounds Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches 2.2.21, 3.1.26 Workarounds Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...

CVE-2026-47266

CVE-2026-47266 - Formie (Craft CMS plugin) Affected: Formie plugin for Craft CMS. Vulnerable in versions prior to 2.2.21 and 3.1.26. Root cause: Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Impact: Allow...

RLSA-2026:18480 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

linux-sgx security update

An update is available for linux-sgx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Intel SGX SDK is a collection of APIs, libraries, documentations and...

OESA-2026-2478 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

Emlog Pro 安全漏洞

Emlog Pro is an open-source blog system developed by Emlog. Version 2.6.9 of Emlog Pro contains a security vulnerability, which stems from a path traversal vulnerability in the template upload function. This vulnerability allows authenticated administrators to execute arbitrary PHP code. By...

PT-2026-44901

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.6.9 Description The template upload feature contains a path traversal issue, which occurs when an application uses user-supplied input to construct a pathname that is then used in a file operation. This allows authenticated...

EUVD-2026-33351

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...