262 matches found
CVE-2026-53961
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 CVSS score: 5.3, is a medium-severity information disclosure flaw that can allow unauthenticated attackers ...
CVE-2026-35014
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacke...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed a slab-out-of-bounds issue in sesintfremove. A fix for the issue is as follows: BUG: KASAN: A slab-out-of-bounds condition occurred in sesintfremove+0x23f/0x270 ses. The size of the read operation was 8 bytes at...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a potential Use-after-Allocation error in cifssignalcifsdforreconnect. Skipped sessions that are being terminated status == SESEXITING to avoid UAF errors...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nfc: fixed the potential NULL pointer dereference in nfcgenldumpsesdone. The done netlink callback nfcgenldumpsesdone should check whether the received argument is non-NULL, because its allocation might fail earlier in dumpit...
EUVD-2026-27777
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifstcpseslock to protect a lot of objects that are not just the server, ses or tcon lists. We later introduced srvlock, seslock and tclock to protect fields within the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013826)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013826 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN:...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010825)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010825 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN:...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007025)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007025 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesintfremove A fix for: BUG: KASAN: slab-out-of-bounds in...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006933)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006933 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013215)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013215 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN:...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-006706)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006706 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006760)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006760 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesintfremove A fix for: BUG: KASAN: slab-out-of-bounds in...
Oracle Linux 7 : kernel (ELSA-2026-3685)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3685 advisory. - ext4: fix use-after-free in ext4orphancleanup CVE-2022-50673 Orabug: 39036029 - Squashfs: check return result of sbminblocksize CVE-2025-38415 Orabug...
kernel security update
3.10.0-1160.119.1.0.19 - ext4: fix use-after-free in ext4orphancleanup CVE-2022-50673 Orabug: 39036029 - Squashfs: check return result of sbminblocksize CVE-2025-38415 Orabug: 39036029 - atm: clip: Fix infinite recursive call of clippush. CVE-2025-38459 Orabug: 39036029 - usb: core: config: Preve...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1313)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : scsi: mpt3sas: Fix crash in transport port remove by using iocinfoCVE-2025-40115 scsi: target: Fix WRITESAME No Data Buffer crashCVE-2022-21546...
CLSA-2026-1773048865 kernel: Fix of 53 CVEs
xhci: Remove device endpoints from bandwidth list when freeing the device CVE-2022-50470 - HID: multitouch: Add NULL check in mtinputconfigured CVE-2024-58020 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - fs: writeback: fix use-after-free in markinodedirty...
Oracle Linux 7 : kernel (ELSA-2026-1581)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1581 advisory. - e1000e: fix heap overflow in e1000seteeprom CVE-2025-39898 Orabug: 38904071 - i40e: fix idx validation in config queues msg CVE-2025-39971 Orabug:...