
25 matches found

EUVD
added 2026/05/06 12:30 p.m. | 1 views

EUVD-2026-27661

In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_get_display_timings of_parse_phandle returns a device_node with refcount incremented, which is stored in 'entry' and then copied to 'native_mode'. When the error paths at lines 184 or 19...

AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 9

CVE
added 2026/04/27 5:34 p.m. | 4 views

CVE-2026-31691

The CVE-2026-31691 vulnerability affects the Linux kernel igb driver. It describes a race where igb_down() calls napi_synchronize() before napi_disable(), causing a hang: napi_synchronize() waits on NAPI_STATE_SCHED that never clears, blocking TX and leaving the TX queue stalled. The fix removes ...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00015
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/04/06 12:0 a.m. | 1 views

PT-2026-30695

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

CVSS: 9.1 | AI score: 6.2 | EPSS: 0.00496
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

Fedora 42 : wireshark (2025-f810869906)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f810869906 advisory. New version 4.6.1 Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00013
Exploits: 0 | References: 3

NVD
added 2025/11/26 2:15 a.m. | 4 views

CVE-2025-66266

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

CVSS: 9.3 | EPSS: 0.00021
Exploits: 0 | References: 1

CVE
added 2025/10/04 3:44 p.m. | 9 views

CVE-2023-53612

CVE-2023-53612 affects the Linux kernel hwmon subsystem, specifically the coretemp platform driver. The vulnerability arises from unconventional platform-device handling where work is done globally by initcalls and CPU hotplug notifiers, while the driver mainly wraps allocation and hwmon interface...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.0002
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2025/09/15 2:4 p.m. | 5 views

CVE-2023-53172 fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds

In the Linux kernel, the following vulnerability has been resolved: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds Commit 56124d6c87fd "fsverity: support enabling with tree block size fmode & FMODEREAD' in kernelread became reachable by fuzz tests. This happens if FS_IOC_ENABLE_VERITY is called on...

EPSS: 0.00025
Exploits: 0 | References: 2

Cvelist
added 2025/08/22 4:0 p.m. | 5 views

CVE-2025-38631 clk: imx95-blk-ctl: Fix synchronous abort

In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash is thrown: error: synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue...

EPSS: 0.00024
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/21 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-25620

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose...

CVSS: 6.4 | AI score: 6.7 | EPSS: 0.00168
Exploits: 0 | References: 2

CNNVD
added 2025/03/07 12:0 a.m. | 2 views

Sage 200 Spain Security Vulnerability

Sage 200 Spain is a business management software from Sage. A security vulnerability exists in Sage 200 Spain versions prior to 2025.35.000, which stems from an SMB mandatory authentication vulnerability that could lead to an administrator-privileged user obtaining an NTLMv2-SSP hash by changing...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00184
Exploits: 0 | References: 2

OSV
added 2025/01/27 6:15 a.m. | 0 views

CVE-2024-13117

The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.01064
Exploits: 1 | References: 1

CNNVD
added 2025/01/27 12:0 a.m. | 1 views

WordPress plugin Social Share Buttons Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

CVSS: 6.5 | AI score: 8.1 | EPSS: 0.01064
Exploits: 1 | References: 1

Debian CVE
added 2025/01/21 12:18 p.m. | 9 views

CVE-2025-21660

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When ksmbd_vfs_kern_path_locked met an error and it is not the last entry, it will exit without restoring changed path buffer. But later this buffer may be used as the...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.0003
Exploits: 0

RedhatCVE
added 2024/08/07 4:9 p.m. | 19 views

CVE-2024-7531

The Mozilla Foundation Security Advisory describes this flaw as: Calling PK11_Encrypt in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the...

CVSS: 3.1 | AI score: 7.5 | EPSS: 0.00062
Exploits: 0 | References: 4

UbuntuCve
added 2024/08/06 1:15 p.m. | 15 views

CVE-2024-7531

Calling PK11_Encrypt in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00062
Exploits: 0 | References: 8

CVE
added 2024/08/06 12:38 p.m. | 289 views

CVE-2024-7531

CVE-2024-7531 involves Mozilla Firefox and Firefox ESR. The connected documents confirm the underlying vulnerability: calling PK11_Encrypt() in NSS with CKM_CHACHA20 and using the same buffer for input and output can expose plaintext on Intel Sandy Bridge CPUs. In Firefox, the impact is limited t...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00062
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2024/02/15 12:15 a.m. | 1 views

UBUNTU-CVE-2024-25620

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the...

CVSS: 6.4 | AI score: 7.1 | EPSS: 0.00168
Exploits: 0 | References: 4

UbuntuCve
added 2024/02/15 12:0 a.m. | 17 views

CVE-2024-25620

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the...

CVSS: 6.4 | AI score: 6.7 | EPSS: 0.00168
Exploits: 0 | References: 3

OSV
added 2023/10/09 1:15 p.m. | 1 views

CVE-2023-43697

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

CVSS: 6.5 | AI score: 5.6 | EPSS: 0.00354
Exploits: 0 | References: 3

CNNVD
added 2023/08/28 12:0 a.m. | 1 views

Saho ADM100, ADM-100FP Access Control Error Vulnerability

The Saho ADM100 and Saho ADM-100FP are both full-service security appliances from Saho Corporation. An access control error vulnerability exists in the Saho ADM100 and ADM-100FP, which could allow an unauthenticated attacker to bypass authentication by modifying the path to a Web site, read syste...

CVSS: 9.1 | AI score: 8.3 | EPSS: 0.00081
Exploits: 0 | References: 2