Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011119)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011119 advisory. In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext The following warning was...

CVE-2026-40896

CVE-2026-40896 concerns OpenProject before version 17.3.0, where a user with the low-privilege permission manage_agendas in any project can inject agenda items into meetings across other projects due to an unscoped section lookup vulnerability. The attack does not require knowledge of the target ...

CLSA-2026-1776691972 binutils: Fix of CVE-2025-7545

CVE-2025-7545: fix heap buffer overflow in objcopy copysection...

CLSA-2026-1776673982 binutils: Fix of 2 CVEs

CVE-2026-3441: heap OOB read via XTYLD xscnlen csect index - CVE-2026-3442: OOB read on rsymndx before symhashes indexing...

Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance

A post-midnight revolt in the House sank the White House's efforts to extend Section 702—a spy program the FBI has used to look into members of Congress, protesters, and political donors...

CLSA-2026-1776351395 libtiff: Fix of 2 CVEs

CVE-2022-3970: fix integer overflow in TIFFReadRGBATileExt on strips/tiles 2 GB - CVE-2022-0891: fix heap buffer overflow in extractImageSection in tiffcrop...

EUVD-2025-209493

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...

WordPress Career Section plugin <= 1.6 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Ivan Cese in WordPress Plugin Career Section versions = 1.6...

CVE-2025-14868

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...

CVE-2025-14868 Career Section <= 1.6 - Cross-Site Request Forgery to Arbitrary File Deletion

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...

CVE-2025-14868

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...

CVE-2025-14868

The CVE affects the WordPress Career Section plugin (versions up to 1.6). The root cause is missing nonce validation and insufficient file path validation on the delete action in appform_options_page_html, enabling CSRF that can lead to Path Traversal and Arbitrary File Deletion. The vulnerabilit...

WordPress plugin Career Section 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-33281

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the 'appform...

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

EUVD-2026-22826

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

PT-2026-33002

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print gvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

CVE-2025-65136

Summary: CVE-2025-65136 affects the Manikandan580 School-management-system 1.0. The vulnerability is a reflected XSS in the admin-facing page /studentms/admin/contact-us.php, exploitable via the pagedes POST parameter. The accompanying data from multiple sources (NVD, EUVD-ENISA, CVE lists, and v...