
3331 matches found

Positive Technologies
added 2026/03/27 12:0 a.m., 2 views

PT-2026-28620

Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: A flaw exists in AVideo where WebSocket tokens do not expire as intended due to a commented-out timeout validation within the verifyTokenSocket function located in...

5.4 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits: 1, References: 5
CVE
added 2026/03/26 4:23 p.m., 3 views

CVE-2026-27813

CVE-2026-27813 affects the EVerest EV charging software stack. Versions prior to 2026.02.0 contain a data race that can lead to a use-after-free condition. The issue is triggered by EV plug-in/unplug events and RFID/RemoteStart/OCPP authorization events (or delayed authorization responses). A pat...

5.3 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/03/25 12:30 p.m., 2 views

EUVD-2026-15392

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 7
NVD
added 2026/03/25 11:16 a.m., 3 views

CVE-2026-23391

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

7.8 CVSS, 0.00022 EPSS
Exploits: 0, References: 8
UbuntuCve
added 2026/03/25 11:16 a.m., 3 views

CVE-2026-23391

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

7.8 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 8
OSV
added 2026/03/25 11:16 a.m., 1 views

UBUNTU-CVE-2026-23391

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

7.8 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 9
CVE
added 2026/03/25 10:33 a.m., 8 views

CVE-2026-23391

CVE-2026-23391 affects the Linux kernel netfilter xt_CT feature. The issue arises when templates reference nfqueue objects (e.g., helper, nfnetlink_cttimeout) that can be removed while packets are queued, potentially leaving pending packets. The vulnerability has been resolved by flushing enqueue...

7.8 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 8, Affected Software: 1
Cvelist
added 2026/03/25 10:33 a.m., 22 views

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

7.8 CVSS, 0.00022 EPSS
Exploits: 0, References: 8
ATTACKERKB
added 2026/03/25 10:33 a.m., 1 views

CVE-2026-23391

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

7.8 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 9, Affected Software: 1
OSV
added 2026/03/25 10:33 a.m., 3 views

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...

7.8 CVSS, 5.7 AI score, 0.00022 EPSS
Exploits: 0, References: 9
Tenable Nessus
added 2026/03/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: -...

7.8 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits: 0, References: 3
EUVD
added 2026/03/21 6:30 a.m., 2 views

EUVD-2026-14004

The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the countdownsettingscontent function. This makes it possible for unauthenticated attackers to update the plugin settings...

4.3 CVSS, 5.7 AI score, 0.00016 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/03/21 12:0 a.m., 2 views

PT-2026-26807

The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the countdown settings content function. This makes it possible for unauthenticated attackers to update the plugin settings...

4.3 CVSS, 5.7 AI score, 0.00016 EPSS
Exploits: 0, References: 4
Veracode
added 2026/03/11 7:26 a.m., 3 views

Information Disclosure

Node.js is vulnerable to Information Disclosure. The vulnerability is due to improper buffer allocation handling when using the vm module with the timeout option, where interrupted allocations may return buffers containing uninitialized memory, potentially exposing leftover data such as tokens or...

7.1 CVSS, 6 AI score, 0.00039 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/03/10 12:57 a.m., 4 views

GHSA-MF3J-86QX-CQ5J Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Impact: A malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the entire Parse Server unresponsive, affecting all clients. Any Parse Server deployment with LiveQuery enabled is affected. The...

8.2 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/03/06 12:0 a.m., 3 views

melange code issue vulnerability

Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange prior to 0.40.5 have code vulnerabilities. This vulnerability arises from the fact that the melange update-cache process downloads URIs in the build configuration using io.Copy without size limit...

4.3 CVSS, 7.4 AI score, 0.00049 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2026/03/05 11:42 a.m., 4 views

kernel: Linux kernel: vsock vulnerability may lead to memory corruption

A flaw was found in the Linux kernel's vsock component. This vulnerability occurs when a connect operation on an already established socket is interrupted by a signal or timeout, causing the system to mishandle the socket's state. This incorrect handling can lead to a race condition, potentially...

5.8 AI score, 0.00088 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2026/03/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005642)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005642 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a delet...

5.5 CVSS, 5.8 AI score, 0.00105 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/04 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005401)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005401 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a delet...

5.5 CVSS, 6.7 AI score, 0.00105 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/03 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005460)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005460 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to...

5.5 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits: 0, References: 4