WordPress plugin Kcaptcha 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Xerte Online Toolkits 安全漏洞

Xerte Online Toolkits is an online learning content creation platform provided by Xerte Ltd. in the UK. Versions of Xerte Online Toolkits 3.15 and earlier contained a security vulnerability. This vulnerability stemmed from the unvalidated user-accessible /setup page, which allowed access to the...

PT-2026-34539

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root path value...

Linux Distros Unpatched Vulnerability : CVE-2026-31456

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walkpudrange can race with a concurrent thread refaulting the PUD lea...

CVE-2026-34275

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: Setup and Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

Malicious code in build-metadata-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 be01b550f3d8914aa6bd8659c9a410054e4e0bf9203d33e93478eb444e957b55 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in buildenv-collector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed214a591cc269b484b5a0831e170e9db89aa33d168ab77c7826837495cd0f38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2964 Malicious code in buildenv-collector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed214a591cc269b484b5a0831e170e9db89aa33d168ab77c7826837495cd0f38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setupChannelData function in internaldwacompressor.h due to improper handling of arithmetic operations on image dimensions. An attacker can cause unexpected behavior or potentially execute arbitrary...

CVE-2026-40244

OpenEXR exposed an integer overflow in the DWA setupChannelData path. In versions 3.4.0–3.4.9, 3.3.0–3.3.9, and 3.2.0–3.2.7, internal_dwa_compressor.h:1722 performs curc->width * curc->height using int32 arithmetic without a size_t cast, creating an overflow condition. A fix has been applie...

CVE-2026-40244 OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internaldwacompressor.h:1722 performs curc-width curc-height in int32...

CVE-2026-41295

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013098 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an...

PT-2026-36921

Name of the Vulnerable Software and Affected Versions Nginx UI versions 2.0.0 through 2.3.7 Description An unauthenticated network attacker can claim the initial administrator account on a fresh instance during the first-run setup window. The public endpoint "/api/install" is accessible without...

Oracle Advanced Inbound Telephony 安全漏洞

Oracle Advanced Inbound Telephony is a call center call handling system developed by Oracle, a US-based company. Versions 12.2.3 to 12.2.15 of Oracle Advanced Inbound Telephony contain security vulnerabilities. These vulnerabilities stem from issues with the Setup and Administration component,...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010823)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010823 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: st: Fix memory leak in stofquadfssetup If stclkregisterquadfspll fails, @lock should be free...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013028 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix ioremap issues in lpfcsli4pcimemsetup When iftype equals zero and...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013266 advisory. An issue was discovered in sunxidivsclksetup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derivedname, which...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013309 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed befor...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013243)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013243 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnlnfhookdrop when opsinit failed When the opsinit interface is invoked ...