116 matches found

NVD
added 2026/05/27 8:16 p.m. (13 views)

CVE-2026-8363

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

CVSS 9.8 | EPSS 0.00056
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/27 12:0 a.m. (5 views)

PT-2026-44097

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

CVSS 9.8 | AI score 6.1 | EPSS 0.00056
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. (1 view)

Astra Linux - vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 size 184: comm "wpa_supplicant", pid 1559, jiffies 13006305 age 964.245s hex dump first 32 bytes: 00 00 00 00 00 00 00 00 00 ...

CVSS 5.5 | AI score 6.1 | EPSS 0.00009
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/22 1:7 a.m. (1 view)

CVE-2026-41146

facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fio_json_parse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a...

CVSS 8.7 | AI score 5.7 | EPSS 0.0006
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2026/04/21 12:0 a.m. (1 view)

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010689)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010689 advisory. In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on storecputopolog...

CVSS 5.5 | AI score 5.5 | EPSS 0.00043
Exploits: 0 | References: 4
CNNVD
added 2026/03/27 12:0 a.m. (3 views)

Undertow environment issue vulnerability

Undertow is a web server provided by the Undertow company in the United States. Undertow has a security vulnerability that stems from its failure to follow standards when processing HTTP request headers starting with spaces. This vulnerability may allow remote attackers to execute request payload...

CVSS 9.1 | AI score 5.9 | EPSS 0.00048
Exploits: 0 | References: 2
OSV
added 2026/03/05 7:29 p.m. (2 views)

GHSA-V9VM-R24H-6RQM Gogs: Release tag option injection in release deletion

Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...

CVSS 8.8 | AI score 6 | EPSS 0.00051
Exploits: 1 | References: 6
Github Security Blog
added 2026/03/05 7:29 p.m. (5 views)

Gogs: Release tag option injection in release deletion

Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...

CVSS 8.8 | AI score 6 | EPSS 0.00051
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2026/03/02 7:16 p.m. (0 views)

CVE-2026-0013

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 | AI score 5.9
Exploits: 0 | References: 1
CVE
added 2026/01/26 10:26 p.m. (8 views)

CVE-2026-24476

Shaarli (personal bookmarking service) is affected by CVE-2026-24476 prior to version 0.16.0. A malicious tag beginning with a double quote (") prematurely ends the start-page input tag and injects arbitrary HTML, enabling a possible XSS. The issue is fixed in version 0.16.0. Public references in...

CVSS 5.4 | AI score 5.9 | EPSS 0.00042
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/01/26 12:0 a.m. (1 view)

PT-2026-4832

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.0 Description Shaarli is a personal bookmarking service susceptible to a cross-site scripting XSS issue. A malicious tag beginning with a double quote " can prematurely terminate the tag on the start page, enabli...

CVSS 5.3 | AI score 6 | EPSS 0.00042
Exploits: 1 | References: 7
RedhatCVE
added 2026/01/09 12:18 p.m. (2 views)

CVE-2018-10081

CMS Made Simple CMSMS through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring...

CVSS 9.8 | AI score 7 | EPSS 0.00489
Exploits: 1 | References: 1
EUVD
added 2025/12/24 3:30 p.m. (4 views)

EUVD-2023-60285

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_sdei: Fix sleep from invalid context BUG Running a preempt-rt v6.2-rc3-rt1 based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 0,...

AI score 6.1 | EPSS 0.0004
Exploits: 0 | References: 8
CVE
added 2025/12/24 10:55 a.m. (7 views)

CVE-2023-54002

CVE-2023-54002 (Linux kernel) concerns a btrfs exclop balance bug where the assertion of valid states for exclusive operations could fail when starting balance amid paused balance and device add; this can occur under race conditions with multiple threads. Connected documents outline two scenarios...

AI score 6.3 | EPSS 0.00032
Exploits: 0 | References: 4
CNNVD
added 2025/12/24 12:0 a.m. (1 view)

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ext4 file system not properly setting the target starting block, which could lead to out-of-bounds acces...

AI score 6.1 | EPSS 0.00046
Exploits: 0 | References: 9
EUVD
added 2025/12/19 3:31 p.m. (2 views)

EUVD-2025-204536

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

CVSS 4.8 | AI score 6.9 | EPSS 0.00016
Exploits: 0 | References: 4
NVD
added 2025/12/11 4:15 a.m. (3 views)

CVE-2025-10163

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘starting_with’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 6.5 | EPSS 0.00028
Exploits: 0 | References: 2
CVE
added 2025/12/11 3:27 a.m. (22 views)

CVE-2025-10163

Summary: WordPress plugin List category posts (versions

CVSS 6.5 | AI score 6.2 | EPSS 0.00028
Exploits: 0 | References: 2
Cvelist
added 2025/12/11 3:27 a.m. (29 views)

CVE-2025-10163 List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘starting_with’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 6.5 | EPSS 0.00028
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/14 11:34 p.m. (2 views)

CVE-2025-64307 Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

CVSS 7.1 | AI score 6.5 | EPSS 0.00045
Exploits: 0 | References: 3