EUVD-2026-39277

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

CVE-2026-53186

The CVE-2026-53186 issue affects the Linux kernel RDMA/srp path. srp_process_rsp() copies sense data using resp_data_len (provided by the SRP target) without bounding against the actual received bytes (wc->byte_len). Although the copy length is limited to SCSI_SENSE_BUFFERSIZE (96 bytes), the ...

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Do not free the command immediately Do not release the command prematurely. Wait for the status completion of the sense status. The command can then be released. Otherwise, we will perform a double-release of t...

CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Not What You Asked For: Typographic Attacks in Household Robot Manipulation

Open-vocabulary embodied AI agents increasingly rely on vision-language models such as CLIP for object perception and task grounding. However, the shared embedding space that enables this flexibility introduces a structural vulnerability to typographic attacks, where printed text in a physical...

Astra Linux – Vulnerability in Qemu

An “off-by-one” error was detected in the SCSI device emulation in QEMU. This error could occur during the processing of MODE SELECT commands in modesensepage, if the ‘page’ argument is set to MODEPAGEALLS 0x3f. A malicious guest could exploit this flaw to potentially cause QEMU to crash, resulti...

CVE-2026-25720

A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continu...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013396 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsimodesense buffer length handling Several problems exist with scsimodesense...

Unity Linux 20.1050a / 20.1060a Security Update: kernel (UTSA-2026-013389)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013389 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsimodesense buffer length handling Several problems exist with scsimodesense...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013452)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013452 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsimodesense buffer length handling Several problems exist with scsimodesense...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007301 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsimodesense buffer length handling Several problems exist with scsimodesense...

CVE-2025-12884

CVE-2025-12884 — The WordPress plugin Advanced Ads – Ad Manager & AdSense is vulnerable to an authorization bypass in versions up to and including 2.0.14 via the function placement_update_item(). This allows authenticated attackers with subscriber-level access and above to update ad placements, p...

EUVD-2020-30971

Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicio...

CVE-2020-36934

The CVE-2020-36934 entry concerns Deep Instinct Windows Agent 1.2.24.0, exposing an unquoted service path in the DeepNetworkService. The vulnerability allows a local user to inject code that could run with LocalSystem privileges during service startup via the path C:\Program Files\HP Sure Sense\D...

CVE-2020-36934

Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject...

CVE-2025-12984 Advanced Ads – Ad Manager & AdSense <= 2.0.15 - Authenticated (Admin+) SQL Injection

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

WordPress plugin Advanced Ads – Ad Manager & AdSense SQL injection vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-1493

Name of the Vulnerable Software and Affected Versions WPShop.Ru AdsPlace'r – Ad Manager, Inserter, AdSense Ads versions through 1.1.5 Description The software contains a flaw related to improper input handling during web page creation, leading to a DOM-Based Cross-site Scripting XSS condition. Th...

Malicious code in cloudy-uvi-sense-v11 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff56869fcef2b46c119633fc140a8c99af63e3e4a7e05c5e75f3fc64213dbeb2 The package cloudy-uvi-sense-v11 was found to contain malicious code. Source: ossf-package-analysis...