CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

[SECURITY] Fedora 44 Update: rust-astral_async_http_range_reader-0.11.0-2.fc44

A library for streaming reading of files over HTTP using range requests...

[SECURITY] Fedora 43 Update: rust-astral_async_http_range_reader-0.11.0-2.fc43

A library for streaming reading of files over HTTP using range requests...

PT-2026-44528

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

PT-2026-44247

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The issue exists in the isofs module where isofs fh to dentry and isofs fh to parent pass an attacker-controlled block numbe...

Oracle Database Server Net Service 安全漏洞

Oracle Database Server Net Service is a database network communication and connection management service component provided by Oracle Corporation. Versions 23.4.0 to 23.26.2 of Oracle Database Server Net Service contain security vulnerabilities. These vulnerabilities stem from issues with the Net...

PT-2026-44507

Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0 Description An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Exploitation is difficult and requires human interacti...

PT-2026-44532

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

pyjwt 安全漏洞

pyjwt is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Security vulnerabilities exist in versions 2.9.0 to 2.12.1 of pyjwt. These vulnerabilities arise when the jwt.decode or jwt.decodecomplete function is called...

Linux Distros Unpatched Vulnerability : CVE-2026-44983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec...

Drupal TFA Basic Plugins 安全漏洞

Drupal TFA Basic Plugins is a set of Drupal two-factor authentication extensions developed by the Drupal company. Versions 7.x-1.0 to 7.x-1.2 of Drupal TFA Basic Plugins contain security vulnerabilities. These vulnerabilities stem from access bypass issues, which could allow users with...

Oracle Payroll 安全漏洞

Oracle Payroll is an enterprise payroll calculation and payment management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Self Service Manager component, whi...

json-2-csv 安全漏洞

json-2-csv is a JSON-to-CSV conversion tool developed by Michael Rodrigues. Versions of json-2-csv from 3.15.0 to 5.5.11 had security vulnerabilities. These vulnerabilities stemmed from the possibility of bypassing the preventCsvInjection option, allowing attackers to inject formulas into the CSV...

IBM DB2 Multiple Vulnerabilities (7273554, 7273555, 7273556, 7273557, 7273558) (Windows)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user. CVE-2025-13755 - IBM Db2 is vulnerable to a...

RockyLinux 9 : libssh (RLSA-2026:18683)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18683 advisory. libssh: Double Free Vulnerability in libssh Key Export Functions CVE-2025-5351 libssh: Use of uninitialized variable in privatekeyfromfile CVE-2025-4878...

PT-2026-44262

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the SMB client, the build sec desc function uses a buffer allocated with kmalloc, which does not zero-initialize the memory. Due to a change in the struct smb acl where the num aces...

Oracle Payroll 安全漏洞

Oracle Payroll is a corporate payroll calculation and distribution management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Internal Operations component,...

IBM DB2 Multiple Vulnerabilities (7273554, 7273555, 7273556, 7273557, 7273558) (Unix)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user. CVE-2025-13755 - IBM Db2 is vulnerable to a...

CVE-2026-46018

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA USB audio driver. A malicious Universal Serial Bus USB audio device could send a malformed Universal Audio Class 2 UAC2 RANGE response. This could cause the system to repeatedly print error messages and potentially lead...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +235 more potentially affected by CVE-2026-44681 via authlib (>=0.10.0 <=1.6.11)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-44681 Source advisory: OSV:PYSEC-2026-188...