Lucene search

2661 matches found

Positive Technologies
added 2026/04/27 12:0 a.m. | 4 views

PT-2026-35356

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

CVSS 4.8 | AI score 3.1 | EPSS 0.00012
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/27 12:0 a.m. | 4 views

PT-2026-35559

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: Improper authorization checks in the 'chat.send' path allow write-scoped gateway callers to perform admin-only session reset operations. This enables attackers to rotate target sessions, archive...

CVSS 8.5 | AI score 5.4 | EPSS 0.00048
Exploits: 0 | References: 9
Cvelist
added 2026/04/26 7:45 p.m. | 34 views

CVE-2026-7058 666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

CVSS 7.5 | EPSS 0.0212
Exploits: 0 | References: 5
CVE
added 2026/04/26 7:45 p.m. | 9 views

CVE-2026-7058

CVE-2026-7058 affects 666ghj MiroFish

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 5
Microsoft CVE
added 2026/04/26 8:6 a.m. | 0 views

smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()

...

CVSS 9.8 | AI score 5.2 | EPSS 0.00067
Exploits: 0
Microsoft CVE
added 2026/04/26 8:5 a.m. | 1 views

smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()

...

CVSS 9.8 | AI score 5.2 | EPSS 0.00067
Exploits: 0
EUVD
added 2026/04/26 7:0 a.m. | 2 views

EUVD-2026-25700

A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may...

CVSS 7.5 | AI score 7 | EPSS 0.00054
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/26 2:0 a.m. | 3 views

CVE-2026-7013 MaxSite CMS mail_send Plugin cross site scripting

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subject/f_files/f_from leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVSS 4.8 | AI score 2.9 | EPSS 0.00039
Exploits: 0 | References: 7
Positive Technologies
added 2026/04/26 12:0 a.m. | 0 views

PT-2026-35194

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subject/f_files/f_from leads to cross site scripting. The attack can be initiated remotely. The exploit...

CVSS 4.8 | AI score 3.7 | EPSS 0.00039
Exploits: 0 | References: 8
SUSE CVE
added 2026/04/25 1:44 a.m. | 3 views

SUSE CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

CVSS 4.7 | AI score 5.4 | EPSS 0.00033
Exploits: 0 | References: 3
SUSE CVE
added 2026/04/25 1:40 a.m. | 2 views

SUSE CVE-2026-31534

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.3
Exploits: 0 | References: 2
SUSE CVE
added 2026/04/25 1:40 a.m. | 2 views

SUSE CVE-2026-31536

In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED. With smbdirect_send_batch processing we likely have requests without IB_SEND_SIGNALED, which will be destroyed in the final request that has IB_SEND_SIGNALED set. If...

CVSS 9.8 | AI score 5.5 | EPSS 0.00058
Exploits: 0 | References: 3
SUSE CVE
added 2026/04/25 1:40 a.m. | 1 views

SUSE CVE-2026-31537

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits. It turns out that our code will corrupt the stream of reassembled data transfer messages when we trigger an immediate empty send. In order to fix this we'll have a single...

CVSS 5.5 | AI score 5.6 | EPSS 0.00015
Exploits: 0 | References: 3
SUSE CVE
added 2026/04/25 1:38 a.m. | 3 views

SUSE CVE-2026-31609

In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush(). smbd_send_batch_flush() already calls smbd_free_send_io(), so we should not call it again after smbd_post_send() moved it to the batch list...

CVSS 8.1 | AI score 5.4 | EPSS 0.00067
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/25 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: server: let send_done handle a completion without IB_SEND_SIGNALED. With smbdirect_send_batch processing we likely have requests without IB_SEND_SIGNALED, which wi...

CVSS 9.8 | AI score 7.8 | EPSS 0.00058
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/24 4:34 p.m. | 1 views

CVE-2026-31537

A flaw was found in the Linux kernel's Server Message Block SMB server. An attacker could exploit this vulnerability by triggering an immediate empty send operation, which would corrupt the stream of reassembled data transfer messages. This corruption could lead to data integrity issues or...

CVSS 5.5 | AI score 5.6 | EPSS 0.00015
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/24 4:25 p.m. | 3 views

CVE-2026-31534

No description is available for this CVE...

AI score 5.2
Exploits: 0 | References: 4
NVD
added 2026/04/24 3:16 p.m. | 0 views

CVE-2026-31608

In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg() after smb_direct_flush_send_list(). smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should not call it again after post_sendmsg() moved it to the batch list...

CVSS 9.8 | EPSS 0.00067
Exploits: 0 | References: 4
NVD
added 2026/04/24 3:16 p.m. | 0 views

CVE-2026-31534

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0
OSV
added 2026/04/24 3:16 p.m. | 2 views

DEBIAN-CVE-2026-31537

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits. It turns out that our code will corrupt the stream of reassembled data transfer messages when we trigger an immediate empty send. In order to fix this we'll have a single...

CVSS 5.5 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 1