CVE-2026-1490 Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

EUVD-2026-5835

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

CVE-2026-1490 Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

[SECURITY] Fedora 42 Update: nginx-1.28.2-1.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 43 Update: nginx-1.28.2-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

A Real-Time Approach to Autonomous CAN Bus Reverse Engineering

This paper introduces a real-time method for reverse engineering a vehicle's CAN bus without prior knowledge of the vehicle or its CAN system. By comparing inertial measurement and CAN data during significant vehicle events, the method accurately identified the CAN channels associated with the...

Djena_Bertrand

Description This the writeup on the challenges we solved duri...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a logical error in the reverse generation mask check logic within the nftmapcatchallactivate...

CVE-2026-25949

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest STARTTLS prelude and then intentionally delaying further communication. This action bypasses Traefik's configured read...

CVE-2026-25748

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

CVE-2026-25748

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

CVE-2026-25748 authentik has a forward authentication bypass with broken cookie

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

CVE-2026-25748

The vulnerability CVE-2026-25748 affects authentik prior to 2025.10.4 and 2025.12.4 in the Proxy Provider when used with Traefik or Caddy as reverse proxy. A malformed cookie could bypass authentication during forward authentication, causing missing authentik headers (X-Authentik-*) and potential...

Fedora 43 : p11-kit (2026-f1fabb2a49)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f1fabb2a49 advisory. Notable changes from the rebase: pkcs11: Update PKCS11 headers to version 3.2 rpc: fix NULL dereference via CDeriveKey with specific NULL parameters...

CVE-2025-29939

Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested paging SNP initialization, potentially resulting in a loss of guest memory confidentiality and integrity...

CVE-2025-0012

Improper handling of overlap between the segmented reverse map table RMP and system management mode SMM memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality...

CVE-2025-0012

Improper handling of overlap between the segmented reverse map table RMP and system management mode SMM memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality...

CVE-2025-29939

Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested paging SNP initialization, potentially resulting in a loss of guest memory confidentiality and integrity...

UBUNTU-CVE-2025-0012

Improper handling of overlap between the segmented reverse map table RMP and system management mode SMM memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality...

UBUNTU-CVE-2025-29939

Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested paging SNP initialization, potentially resulting in a loss of guest memory confidentiality and integrity...