261 matches found
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 CVSS score: 5.3, is a medium-severity information disclosure flaw that can allow unauthenticated attackers ...
CVE-2026-35014
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacke...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a potential Use-after-Allocation error in cifssignalcifsdforreconnect. Skipped sessions that are being terminated status == SESEXITING to avoid UAF errors...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed a slab-out-of-bounds issue in sesintfremove. A fix for the issue is as follows: BUG: KASAN: A slab-out-of-bounds condition occurred in sesintfremove+0x23f/0x270 ses. The size of the read operation was 8 bytes at...
EUVD-2026-27777
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifstcpseslock to protect a lot of objects that are not just the server, ses or tcon lists. We later introduced srvlock, seslock and tclock to protect fields within the...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nfc: fixed the potential NULL pointer dereference in nfcgenldumpsesdone. The done netlink callback nfcgenldumpsesdone should check whether the received argument is non-NULL, because its allocation might fail earlier in dumpit...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013826)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013826 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN:...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010825)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010825 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN:...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007025)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007025 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesintfremove A fix for: BUG: KASAN: slab-out-of-bounds in...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006933)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006933 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013215)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013215 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN:...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-006706)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006706 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006760)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006760 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesintfremove A fix for: BUG: KASAN: slab-out-of-bounds in...
Oracle Linux 7 : kernel (ELSA-2026-3685)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3685 advisory. - ext4: fix use-after-free in ext4orphancleanup CVE-2022-50673 Orabug: 39036029 - Squashfs: check return result of sbminblocksize CVE-2025-38415 Orabug...
kernel security update
3.10.0-1160.119.1.0.19 - ext4: fix use-after-free in ext4orphancleanup CVE-2022-50673 Orabug: 39036029 - Squashfs: check return result of sbminblocksize CVE-2025-38415 Orabug: 39036029 - atm: clip: Fix infinite recursive call of clippush. CVE-2025-38459 Orabug: 39036029 - usb: core: config: Preve...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1313)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : scsi: mpt3sas: Fix crash in transport port remove by using iocinfoCVE-2025-40115 scsi: target: Fix WRITESAME No Data Buffer crashCVE-2022-21546...
CLSA-2026-1773048865 kernel: Fix of 53 CVEs
xhci: Remove device endpoints from bandwidth list when freeing the device CVE-2022-50470 - HID: multitouch: Add NULL check in mtinputconfigured CVE-2024-58020 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - fs: writeback: fix use-after-free in markinodedirty...
Oracle Linux 7 : kernel (ELSA-2026-1581)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1581 advisory. - e1000e: fix heap overflow in e1000seteeprom CVE-2025-39898 Orabug: 38904071 - i40e: fix idx validation in config queues msg CVE-2025-39971 Orabug:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005402)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005402 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit...