
58 matches found

F5 Networks
added 6 hours ago, 4 views

K000161578: Linux kernel vulnerability CVE-2025-38085

Security Advisory Description: In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race. huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table...

CVSS 4.7, AI score 6.1, EPSS 0.00085
Exploits: 0, Affected Software: 3
Nuclei
added 18 hours ago, 9 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

CVSS 6.1, AI score 7.2, EPSS 0.01485
Exploits: 1, References: 1
Microsoft KB
added 2026/05/12 2:0 p.m., 9 views

May 12, 2026-KB5087053 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H2 and Windows 10 Version 22H2

May 12, 2026-KB5087053 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H2 and Windows 10 Version 22H2 Release Date: May 12, 2026 Version: .NET Framework 3.5 and 4.8.1 The May 12, 2026 update for Windows 10 Version 21H2 and Windows 10 Version 22H2 includes security and...

CVSS 7.3, AI score 5.9, EPSS 0.00096
Exploits: 0
Positive Technologies
added 2026/04/30 12:0 a.m., 2 views

PT-2026-36165

Name of the Vulnerable Software and Affected Versions Amazon ECS Agent on Windows versions prior to 1.103.0 Description Improper neutralization of inputs used in an OS command within the FSx Windows File Server volume mounting component allows a remote authenticated threat actor to execute shell...

CVSS 7.5, AI score 5.9, EPSS 0.00049
Exploits: 0, References: 9
Github Security Blog
added 2026/04/22 6:31 p.m., 2 views

uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVSS 4.2, AI score 5.2, EPSS 0.00018
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/04/22 6:31 p.m., 1 view

GHSA-M976-87WM-48FM uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

CVSS 6.3, AI score 5.9, EPSS 0.00014
Exploits: 1, References: 3
CVE
added 2026/04/21 12:0 a.m., 5 views

CVE-2026-29644

CVE-2026-29644 concerns XiangShan, an open-source high-performance RISC-V processor. The issue arises from improper gating of the distributed CSR write-enable path in the commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28), which can allow illegal CSR write attempts to alter the custom P...

CVSS 5.3, AI score 6, EPSS 0.00014
Exploits: 0, References: 5
CVE
added 2026/04/20 6:0 a.m., 6 views

CVE-2024-7083

The CVE-2024-7083 issue affects the WordPress Email Encoder (Email Encoder Bundle) plugin, prior to version 2.3.4. Root cause: insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in mul...

CVSS 3.5, AI score 5.7, EPSS 0.00031
Exploits: 0, References: 1
OSV
added 2026/04/17 9:48 p.m., 2 views

GHSA-G375-H3V6-4873 OpenClaw: Heartbeat owner downgrade missed local async exec completion events

Summary Heartbeat owner downgrade missed local async exec completion events. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.3.31 = 2026.4.10 Impact Local background exec completion text could be missed by heartbeat owner-downgrade detection, leaving ...

CVSS 6, AI score 5.7
Exploits: 0, References: 4
Packet Storm News
added 2026/03/24 12:0 a.m., 0 views

Agent Audit: A Security Analysis System for LLM Agent Applications

What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...

AI score 5.9
Exploits: 0
EUVD
added 2026/03/18 6:31 p.m., 3 views

EUVD-2025-208829

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management cUsers.cfc addToGroup method that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

AI score 5.9, EPSS 0.00024
Exploits: 0, References: 3
IBM Security Bulletins
added 2026/01/30 5:20 p.m., 26 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.6 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A loc...

CVSS 9.8, AI score 6.8, EPSS 0.00848
Exploits: 7, Affected Software: 1
Tenable Nessus
added 2025/11/13 12:0 a.m., 2 views

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-1010023)

DISPUTED GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE...

CVSS 8.8, AI score 7.2, EPSS 0.00293
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-54252

Malicious code in bioql PyPI...

CVSS 4.8, AI score 5.2, EPSS 0.00089
Exploits: 2, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-29386

Malicious code in bioql PyPI...

CVSS 7, AI score 7, EPSS 0.00201
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-52027

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.6, EPSS 0.00285
Exploits: 2, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-53912

Malicious code in bioql PyPI...

CVSS 6.1, AI score 9.2, EPSS 0.01533
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-58844

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00254
Exploits: 2, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-52114

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.6, EPSS 0.00252
Exploits: 2, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-59333

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.00257
Exploits: 2, References: 2