CVE-2026-50128

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

EUVD-2026-38856

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...

EUVD-2026-38984

In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driveroverride infrastructure When the AP masks are updated via apmaskstore or aqmaskstore, apbusrevisebindings is called after apattrmutex has been released. This calls aprevisereserved, which accesses the...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

The vulnerabilities in libssh2 are addressed through libssh.

LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSHMSGEXTINFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...

ROOT-OS-UBUNTU-2404-CVE-2025-23156 CVE-2025-23156 in rootio-linux - Patched by Root

Root has patched CVE-2025-23156 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-37812 CVE-2025-37812 in rootio-linux - Patched by Root

Root has patched CVE-2025-37812 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVE-2026-10735

Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...

CVE-2026-52930

The CVE concerns the Linux kernel’s shared memory (ipc/shm) subsystem, specifically the orphan cleanup path. The vulnerability arises because shm_destroy_orphaned() traverses shm IDs under shm_ids(ns).rwsem but shm_nattch can be updated while holding shm_perm.lock, and attach paths may modify it ...

CVE-2026-52930

In the Linux kernel, the following vulnerability has been resolved: i...

EUVD-2026-38693

Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...

CVE-2026-9724

The CVE concerns the MotorDesk WordPress plugin up to version 1.1.2 . It is vulnerable to Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation on the function motordesk_admin_home . This allows unauthenticated attackers to modify the plugin’s configuration, including the se...

ROOT-OS-DEBIAN-12-CVE-2024-49916 CVE-2024-49916 in rootio-linux - Patched by Root

Root has patched CVE-2024-49916 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...

Viessmann Vitogate 300 - Hardcoded Password

A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface. id: CVE-2023-5222 info: name: Viessmann Vitogate 300 - Hardcoded Password author: ritikchaddha severity: critical description: | A critica...

Linear eMerge E3 - Cross-Site Scripting

Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter. id: CVE-2019-7255 info: name: Linear eMerge E3 - Cross-Site Scripting author: arafatansari severity: medium description: | Linear eMerge E3-Series devices are vulnerable to cross-site scripting via...

Microsoft SharePoint - Remote Code Execution

Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...

qdPM 9.1 - Cross-site Scripting

qdPM V9.1 is vulnerable to Cross Site Scripting XSS via qdPM\install\modules\databaseconfig.php. id: CVE-2020-19515 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM V9.1 is vulnerable to Cross Site Scripting XSS via...

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...