CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function loglogin of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

EUVD-2025-209112

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0...

EUVD-2026-14704

Use After Free vulnerability in No-Chicken Echo-Mate ‎SDK/rv1106-sdk/sysdrv/source/kernel/mm modules. This vulnerability is associated with program files rmap.C‎. This issue affects Echo-Mate: before V250329...

CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...

CVE-2026-25022

creationtimestamp| type| source ---|---|--- 2026-02-03 15:19:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdxnvuatkh2m...

CVE-2025-23705

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terry Zielke Zielke Design Project Gallery zielke-design-project-gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through = 2.5.0...

CVE-2025-23705

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terry Zielke Zielke Design Project Gallery zielke-design-project-gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through = 2.5.0...

CVE-2022-50253

creationtimestamp| type| source ---|---|--- 2025-12-17 21:54:17+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3ma7nldnfv22w 2025-12-18 10:50:03+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3maaywhs5qs2t 2025-12-23 14:57:28+00:00| seen|...

DEBIAN-CVE-2022-50673

In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in listaddvalid+0x28/0x1a0 Read of size 8 at addr...

CVE-2025-21621

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...

Linux Distros Unpatched Vulnerability : CVE-2022-50544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: host: xhci: Fix potential memory leak in xhciallocstreaminfo xhciallocstreaminfo allocates stream context array for streaminfo -streamctxarray with...

CVE-2025-47213

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2022-50267

In the Linux kernel, the following vulnerability has been resolved: mmc: rtsxpci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...

CVE-2025-20090

Untrusted Pointer Dereference for some IntelR QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2025-20090

CVE-2025-20090 describes an untrusted pointer dereference in Intel(R) QuickAssist Technology software prior to version 2.5.0, which may allow an authenticated user to potentially cause a local-denial-of-service. Affected product: Intel QuickAssist Technology software before 2.5.0. Root cause: unt...

CVE-2022-50104

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xivegetmaxprio offindnodebypath returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

CVE-2025-47757

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!setplctypedefault function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution...

CVE-2025-47754

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!ConvMacroData function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution...

Aim Excessive Data Query Operations in a Large Data Table vulnerability

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from improper handling of request URLs, which allows users to load unallowed application pages...