CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()

In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in icesetringparam In icesetringparam, txrings and xdprings are allocated before rxrings. If the allocation of rxrings fails, the code jumps to the done label leaking both txrings and xdprings. Furthermore, i...

Moderate: Red Hat Security Advisory: vsftpd security update

An update for vsftpd is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

CVE-2026-28225 Manyfold has IDOR in ModelFilesController

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...

Malicious Package

Overview jest-param-validator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-1046 Malicious code in jest-param-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92f5050070ee0637ff34403bfa22fe7464561a421a99410e084c74e1bd023b08 The package jest-param-validator was found to contain malicious code. Source: ghsa-malware...

Malicious code in jest-param-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92f5050070ee0637ff34403bfa22fe7464561a421a99410e084c74e1bd023b08 The package jest-param-validator was found to contain malicious code. Source: ghsa-malware...

CVE-2019-25455

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability exploitable by unauthenticated attackers via the a parameter in ara.html. Attackers can manipulate database queries through crafted GET requests to extract sensitive information. The CVE specifies high impact with confidentiality leak...

PT-2026-20863

Name of the Vulnerable Software and Affected Versions CDATA FD614GS3-R850 version 3.2.7 P161006 Build.0333.250211 Description A buffer overflow issue exists in CDATA FD614GS3-R850 version 3.2.7 P161006 Build.0333.250211. This flaw allows an attacker to potentially execute arbitrary code by...

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

CVE-2026-2162

A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

VulnCheck KEV: CVE-2025-7081

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004926)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004926 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in...

CVE-2026-1120

A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/delwork.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2021-41739

A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993115)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993115 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in...

CVE-2022-50814

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sglsgenr KASAN reported this Bug: 17619.659757 BUG: KASAN: global-out-of-bounds in paramgetint+0x34/0x60 17619.673193 Read of size 4 at addr fffff01332d7ed00 by task readall/1507958...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992483 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parseearlyparam On 64-bit, calling jumplabelinit in...

PT-2025-53932

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s crypto/hisi zip module related to a mismatch when getting or setting the sgl sge nr variable. The type of sgl sge nr is u16, but it was being access...

EUVD-2025-205659

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.parameval...

CVE-2025-15192 D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 command injection

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...