CVE-2026-46253

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistentramsaveold persistentramsaveold can be called multiple times for the same persistentramzone e.g., via ramoopspstoreread - ramoopsgetnextprz for PSTORETYPEDMESG records. Currently, the...

CVE-2026-46253

In Linux kernel pstore/ram, CVE-2026-46253, the vulnerability is a heap buffer overflow during persistent_ram_save_old(). If the buffer size has grown since the first allocation, the code updates old_log_size to the new size and then copies with memcpy_fromio(), risking an out-of-bounds write (an...

CVE-2026-42320

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

EUVD-2026-34096

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

CVE-2026-44281

GLPI CVE-2026-44281 affects GLPI versions 0.78 through prior to 10.0.25 and 11.0.7. An authenticated user with config READ permission can read a specific asset object, exposing information. Patch available by upgrading to 10.0.25 or 11.0.7.

CVE-2026-44281

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

EUVD-2026-34102

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

CVE-2026-0076

In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Bazarr < 1.4.3 - Arbitrary File Read

Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability. id: CVE-2024-40348 info: name: Bazarr Bazarr" - 'content="Bazarr' - "window.Bazarr" condition: or internal: true - method: GET path: - "BaseURL/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/pass...

Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

Sonicwall - Pre-Authentication Arbitrary File Read

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read

The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

Siemens SENTRON PAC Out-of-bounds Read (CVE-2020-13987)

The TCP/IP stack uIP in affected devices is vulnerable to out-of-bounds read when calculating the checksum for IP packets. An attacker located in the same network could trigger a Denial-of-Service condition on the device by sending a specially crafted IP packet. This plugin only works with...

PT-2026-46025

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl xcvr: Revert fix missing lock in fsl xcvr mode put This reverts commit f51424872760 "ASoC: fsl xcvr: fix missing lock in fsl xcvr mode put". The original patch attempted to acquire the card-controls rwsem lock in fsl xc...

Linux Distros Unpatched Vulnerability : CVE-2026-46155

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early,...