CVE-2026-34030 Improper branch-code validation in Wertheim SafeController Software allows file path manipulation

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

CVE-2026-11884

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

CVE-2026-11884 389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

CVE-2025-5089 Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

EUVD-2026-33807

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-41258 OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...

SUSE CVE-2020-11565

An issue was discovered in the Linux kernel through 5.6.2. mpolparsestr in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability...

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the ResolutionRequest process. An attacker can execute arbitrary code on the resolver pod and exfiltrate cluster-wide secrets by injecting malicious commands into the revision parameter of the git...

SUSE CVE-2026-21727

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...

CVE-2026-3347 Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter

The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...

CVE-2026-20441

In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803...

CVE-2026-20427

In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537...

EUVD-2026-9150

In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-51...

CVE-2026-20429

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535...

CVE-2026-20442

In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723...

CVE-2026-20436

In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID:...

CVE-2026-20436

CVE-2026-20436 affects the MediaTek WLAN STA driver, with a missing bounds check in the driver leading to local privilege escalation if an attacker already has System privileges. No user interaction is required. Impact is rated high for confidentiality, integrity, and availability; attack vector ...

EUVD-2026-9156

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536...

CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

EulerOS Virtualization 2.10.0 : polkit (EulerOS-SA-2026-1190)

According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be...