40722 matches found
CVE-2026-63830
In the Linux kernel, the following vulnerability has been resolved: net: skmsg: preserve sg.copy across SG transforms The skmsg sg.copy bitmap is part of the scatterlist entry ownership state. A set bit tells skmsgcomputedatapointers not to expose the entry through writable BPF ctx-data. This...
CVE-2026-63835
In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: prevent OGM aggregation on disabled hardif When an interface gets disabled, the worker is correctly disabled by batadvhardifdisableinterface - ... - batadvvogmifacedisable. In this process, the skb aggrlist is also...
CVE-2026-63793 ntfs: serialize volume label accesses
In the Linux kernel, the following vulnerability has been resolved: ntfs: serialize volume label accesses Protect vol-volumelabel with a mutex and snaphost the label before copytouser. This prevent a use-after-free when FSIOCSETFSLABEL replaces the vol-volumelabel and FSIOCGETTSLABEL reads it...
EUVD-2026-45459
In the Linux kernel, the following vulnerability has been resolved: ntfs: serialize volume label accesses Protect vol-volumelabel with a mutex and snaphost the label before copytouser. This prevent a use-after-free when FSIOCSETFSLABEL replaces the vol-volumelabel and FSIOCGETTSLABEL reads it...
CVE-2026-53375
The CVE affects the Linux kernel DRM AMDGPU VCE code path. The vulnerability involved partial address patches where only one of lo/hi was valid, risking a bad address being written to the firmware (FW). The issue has been resolved upstream by applying a patch that prevents partial address writes,...
CVE-2026-16213 Fantomas42 django-blog-zinnia Protected Entry Password entry_protection.py cleartext storage
A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entryprotection.py of the component Protected Entry Password Handler. The manipulation results in cleartext storage of...
WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...
Arcserve Unified Data Protection - Authentication Bypass
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...
Grafana <= 6.7.1 - Cross-Site Scripting
Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...
PT-2026-61109
In the Linux kernel, the following vulnerability has been resolved: ntfs: serialize volume label accesses Protect vol-volume label with a mutex and snaphost the label before copy to user. This prevent a use-after-free when FS IOC SETFSLABEL replaces the vol-volume label and FS IOC GETTSLABEL read...
PT-2026-61151
In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: prevent OGM aggregation on disabled hardif When an interface gets disabled, the worker is correctly disabled by batadv hardif disable interface - ... - batadv v ogm iface disable. In this process, the skb aggr list...
PT-2026-61047
A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entry protection.py of the component Protected Entry Password Handler. The manipulation results in cleartext storage of...
Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core
TL;DR : A critical pre-authentication Remote Code Execution RCE vulnerability, dubbed "wp2shell" CVE-2026-63030, has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions,...
EUVD-2026-45286
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery SSRF due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism...
EUVD-2026-45237
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...
CVE-2026-16103
A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...
EUVD-2026-45225
A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...
CVE-2026-16103
Keycloak CVE-2026-16103 affects the keycloak-services component. It describes an incomplete fix for CVE-2026-9798: brute-force protection checks were added to the CIBA initiation path but omitted from the token redemption path. As a result, an attacker with valid client credentials can obtain acc...
CVE-2026-50646
A flaw was found in .NET Framework. This protection mechanism failure allows an unauthorized attacker to execute arbitrary code locally. Successful exploitation of this vulnerability can lead to a complete compromise of the affected system...
CVE-2026-60025
The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection...