PT-2026-36936

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick capture of the file pyshark mcp.py. The manipulation results in os command injection. The attack may be launched...

WordPress XT Quick View for WooCommerce plugin <= 2.1.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Quick View for WooCommerce versions = 2.1.5...

CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

[SECURITY] Fedora 44 Update: ngtcp2-1.22.1-1.fc44

"Call it TCP/2. One More Time." ngtcp2 project is an effort to implement RFC9000 QUIC protocol...

EUVD-2026-25799

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mitlinktype results in buffer overflow. The attack may be initiated remotely. The exploit is now...

CVE-2026-7099 Tenda F456 httpd QuickIndex formQuickIndex buffer overflow

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mitlinktype results in buffer overflow. The attack may be initiated remotely. The exploit is now...

CVE-2026-7099

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mitlinktype results in buffer overflow. The attack may be initiated remotely. The exploit is now...

CVE-2026-7099

The vulnerability CVE-2026-7099 affects Tenda F456 1.0.0.5, specifically the httpd component. The affected code is the function formQuickIndex in the file /goform/QuickIndex, where manipulating the argument mit_linktype causes a buffer overflow. The issue can be exploited remotely over the networ...

Malicious code in robase-library-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-3041 Malicious code in robase-library-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

[SECURITY] Fedora 44 Update: qt6-qtquick3d-6.10.3-1.fc44

The Qt 6 Quick3D library...

[SECURITY] Fedora 44 Update: qt6-qtquicktimeline-6.10.3-1.fc44

The Qt Quick Timeline plugin provides QML types to use timelines and keyframes to animate Qt Quick user interfaces...

EUVD-2026-22845

The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013570)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013570 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIGDMAAPIDEBUG is selected, while running the...

[SECURITY] Fedora 44 Update: qqc2-breeze-style-6.6.4-1.fc44

This is a pure Qt Quick/Kirigami Qt Quick Controls style...

[SECURITY] Fedora 44 Update: kf6-qqc2-desktop-style-6.25.0-1.fc44

This is a style for QtQuickControls 2 that uses QWidget's QStyle for painting, making possible to achieve an higher degree of consistency between QWidget-based and QML-based apps...

Malicious code in robase-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2821 Malicious code in robase-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f69377c01d5c0980cb9bf905be35133e5cd077e7c64c577460dc06e3871c2d9e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

WordPress Quick Interest Slider plugin <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Quick Interest Slider versions = 3.1.5...

PT-2026-33012

Name of the Vulnerable Software and Affected Versions Quick Interest Slider versions prior to 3.1.6 Description The Quick Interest Slider plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Unauthenticated attackers can...