CVE-2026-24811

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inffast.C. This issue affects root...

CVE-2025-28162

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...

Cross-dashboard privilege escalation via permission management

Grafana is an open-source platform for monitoring and observability. The platform supports creating dashboards, which collate various visualisation panels onto one plane. These can have per-user permissions. If a user has permission management rights on one dashboard, they could edit the...

WinAVR security vulnerability

WinAVR is an open-source microcontroller development toolkit developed by WinAVR. Version WinAVR 20100110 has a security vulnerability, which stems from improper permission settings. This vulnerability may lead to the modification of system files and executable files...

Raimersoft TapinRadio security vulnerability

Raimersoft TapinRadio is a web radio software developed by Raimersoft Corporation. The version 2.13.7 of Raimersoft TapinRadio contains a security vulnerability. This vulnerability stems from a buffer overflow in the application’s proxy settings, which could lead to program crashes...

MAL-2026-509 Malicious code in @sommos/create-program-template-form-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa7bdf06061a821a92bec72c1ea8826213552ec4486d81e7776553a74293dd79 The package @sommos/create-program-template-form-data was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @sommos/create-program-template-form-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa7bdf06061a821a92bec72c1ea8826213552ec4486d81e7776553a74293dd79 The package @sommos/create-program-template-form-data was found to contain malicious code. Source: ossf-package-analysis...

CVE-2020-36958

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate...

CVE-2020-36958 Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate...

CVE-2025-59094

A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...

GLSA-202601-01 : inetutils: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202601-01 inetutils: Remote Code Execution The telnetd server invokes /usr/bin/login normally running as root passing the value of the USER environment variable received from the client as the last parameter. If the client supply ...

GIMP: Arbitrary Code Execution

Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description A vulnerability has been discovered in GIMP. Please review the CVE identifier referenced below for details. Impact This vulnerability allows remote attackers to execute arbitrary...

CVE-2020-36935

KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the KMSELDI service configuration (C:\Program Files\KMSpico\Service_KMS.exe) that allows local attackers with access to potentially execute arbitrary code and escalate privileges by injecting a malicious executable. The available...

CVE-2025-69039

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through = 1.3.4...

Wordfence Bug Bounty Program Monthly Report – December 2025

Last month in December 2025, the Wordfence Bug Bounty Program received 759 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfen...

CVE-2026-22994

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpfprogtestrunxdp syzbot is reporting unregisternetdevice: waiting for sit0 to become free. Usage count = 2 problem. A debug printk patch found that a refcount is obtained at xdpconvertmdtobuff fr...

CVE-2026-22994

CVE-2026-22994 in the Linux kernel is due to a reference-count leak in the bpf_prog_test_run_xdp path (bpf: Fix reference count leak in bpf_prog_test_run_xdp()). The issue arises from refcount handling between xdp_convert_md_to_buff() and xdp_convert_buff_to_md() and may affect the bpf_prog_test_...

CVE-2026-22994

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpfprogtestrunxdp syzbot is reporting unregisternetdevice: waiting for sit0 to become free. Usage count = 2 problem. A debug printk patch found that a refcount is obtained at xdpconvertmdtobuff fr...

UBUNTU-CVE-2025-15059

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVE-2021-47853

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...