Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)

Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix = 173 and = 173 and 178, this vulnerability can be exploited only if you provide a valid Staging Service username default: admin impact: | Unauthenticated attackers can bypass...

MAL-2026-6311 Malicious code in @thymelab/logfx (npm)

@thymelab/logfx malicious version 2.15.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

MAL-2026-6210 Malicious code in @apexcraft/nano-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c46938b3634fb4de89ddf44b765e1c766c871a40fb31c54609c1b3526074e65c @apexcraft/nano-key advertises itself as a 12-byte sortable ID generator README and repository metadata are copied from yiwen-ai/xid-ts, an unrelated...

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

DEBIAN-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

UBUNTU-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVE-2026-54056

Kitty (GPU-based terminal) vulnerability CVE-2026-54056 affects versions 0.47.0–0.47.1 where a remote drag-and-drop via kitten dnd staging can overwrite or truncate arbitrary files writable by the local user. The attack chains a staged remote text/uri-list, exploiting a race in staging where a st...

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

PT-2026-48992

Name of the Vulnerable Software and Affected Versions Kitty versions 0.47.0 through 0.47.1 Description In the kitten dnd component, a malicious remote drag-and-drop source can overwrite or truncate arbitrary files that the local user has permission to write. This occurs because remote text/uri-li...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a null pointer dereferencing in the rtwcbufalloc function within the staging rtl8723bs driver. Th...

WordPress plugin WPvivid Backup & Migration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-12656

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

CVE-2025-12656

The WPvivid Backup & Migration plugin for WordPress is affected by an arbitrary directory deletion vulnerability due to insufficient file path validation in delete_cancel_staging_site() in all versions up to and including 0.9.128. Authenticated attackers with Administrator-level access can delete...

CVE-2026-42760

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

Exploit for Out-of-bounds Write in Linux Linux_Kernel

Charantej Architecture: Hardened Container Staging & Syscall T...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by dodoh4t in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.25...