CVE-2026-8944
The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...
JS Help Desk <= 2.8.1 - SQL Injection
The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the 'email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing S...
CVE-2026-43700
A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information...
Traccar - Unrestricted File Upload
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...
netfilter: nft_ct: bail out on template ct in get eval
...
CVE-2026-53092
A flaw was found in the Linux kernel's Berkeley Packet Filter (BPF) subsystem. This vulnerability occurs due to incorrect delta tracking when source and destination registers are the same during register value adjustments. This can lead to a mismatch between the BPF verifier's analysis and the actu...
EUVD-2026-39689
Subscriber Server Side Request Forgery (SSRF) in utm.codes = 1.9.0 versions...
CVE-2026-57913
Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts...
CVE-2026-57913
CVE-2026-57913 affects Johnson & Johnson ATMS (Audit Tracking Management System) prior to 2026-04-21, enabling viewing of meeting minutes and transcripts. The available data do not specify root cause, affected versions beyond the date, or exploitable vectors beyond unauthenticated access indicate...
EUVD-2026-39644
Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts...
SUSE CVE-2026-53267
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...
CVE-2026-52986
A flaw was found in the Linux kernel's netfilter SIP (Session Initiation Protocol) connection tracking module. This vulnerability, caused by unsafe port parsing, allows a remote attacker to send specially crafted malformed packets. Such packets could lead to excessive resource consumption,...
Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition
GitLab Inc. has identified several vulnerabilities in GitLab Enterprise Edition (EE) and other versions of GitLab, particularly in releases from version 8.3 to 19.1.1, with a focus on versions around 18.11.6, 19.0.3, and 19.1.1. These vulnerabilities affect various components of GitLab, including t...
CVE-2026-53218
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_exthdr: fix register tracking for F_PRESENT flag nft_exthdr_init() passes user-controlled priv->len to nft_parse_register_store(), which marks that many bytes in the register bitmap as initialized. However, when...
UBUNTU-CVE-2026-53267
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...
CVE-2026-53267
The CVE-2026-53267 entry concerns a Linux kernel netfilter nft_ct use-after-free style issue where a per-CPU template conntrack entry can be treated as a real ct, causing a 16-byte memcpy path to overflow the kernel stack when using NFT_REG32_15. The root cause is that a template ct is not reject...
CVE-2026-53218
The vulnerability CVE-2026-53218 affects the Linux kernel netfilter nft_exthdr code. The root cause is in register tracking when the NFT_EXTHDR_F_PRESENT flag is used: nft_exthdr_init() passes user-controlled priv->len to nft_parse_register_store(), which marks that many bytes in the register ...