3881 matches found
EUVD-2026-39931
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-52944
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...
CVE-2026-10753
The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...
EUVD-2026-38695
The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...
Hubbell Aclara Metrum Cellular Web Interface
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: platform/x86: think-lmi: Fixed reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned, and this reference needs to be disposed of using kobjectput. The validation of the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: rejection iftype changes with mesh ID changes It is currently possible to change the mesh ID when the interface is not yet in mesh mode, while also changing it into mesh mode. This leads to an overwrite of data in...
Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: “spufs”: fixed a leak in spufscreatecontext. The fix for the leak was implemented back in 2008; however, it overlooked one case—if we try to set affinity, and spufsmkdir fails, we need to remove the reference to the neighbor obje...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed an out-of-bounds situation when setting channels during iavfremove. If the channels are set to a value greater than what is actually allocated, it will cause a timeout, and an error will be returned. However, the...
Astra Linux – Vulnerability in Firefox
In a non-standard configuration of Firefox, an integer overflow could have occurred due to network traffic possibly under the influence of a local unprivileged web page, resulting in an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference...
EUVD-2026-36726
Multer vulnerable to Denial of Service via deeply nested field names...
EUVD-2026-37020
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
EUVD-2026-37021
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
EUVD-2026-37018
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
EUVD-2026-37019
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
CVE-2026-9262
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
CVE-2026-9261
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
CVE-2026-9260
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
CVE-2026-9259
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
CVE-2026-9258
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...