CVE-2026-46260

A flaw was found in the Linux kernel's IPv6 networking subsystem. This vulnerability, an out-of-bound read, occurs during the creation of an IPv6 route with specific parameters. A local attacker could exploit this flaw to cause memory corruption, potentially leading to system instability or a...

CVE-2026-46260

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

EUVD-2026-34122

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

Mastodon - Open Redirect

Mastodon version 4.5.8, 4.4.15, 4.3.21 is vulnerable to unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. id: CVE-2026-33868 info: name: Mastodon - Open Redirect author: theamanrawat severity: medium description: |...

Python Flask-Security-Too <=5.3.2 - Open Redirect

An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...

WordPress < 4.8.2 - Authenticated Open Redirect

WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites, exploit requires access to admin interface. id: CVE-2017-14725 info: name: WordPress 4.8.2 -...

Linux Distros Unpatched Vulnerability : CVE-2026-44573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n...

CVE-2026-32250

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...

CVE-2026-32250 NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...

CVE-2026-32250 NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...

MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection

WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of th...

CVE-2026-1784

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

CVE-2026-1784

CVE-2026-1784 affects the Route OpenShift resource (OpenShift route definitions using HAProxy) where checks on the spec.path YAML stanza are insufficient, allowing controlled injection of the HAProxy configuration. The CVE description and linked records indicate this can lead to remote code execu...

CVE-2026-1784

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

CVE-2026-1784 Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

EUVD-2026-33883

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

CVE-2026-1784 Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

CVE-2026-1784

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-68310: s390/pci: Use pciueventers in PCI recovery bsc1255160. CVE-2025-71183: btrfs: always detect...