39149 matches found
CVE-2026-52988 netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...
CVE-2026-52988
The CVE-2026-52988 issue affects the Linux kernel netfilter nf_tables code, specifically the join hook list updated via splice_list_rcu() during commit phases. The vulnerability arises when new hooks are published to the basechain/flowtable while a concurrent ruleset update is ongoing, potentiall...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
firefox security update
An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.45 bug fix and security update
Red Hat OpenShift Container Platform release 4.18.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
The vulnerabilities in libssh2 are addressed through libssh.
LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSHMSGEXTINFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...
CVE-2026-10735
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...
CVE-2026-52930
The CVE concerns the Linux kernel’s shared memory (ipc/shm) subsystem, specifically the orphan cleanup path. The vulnerability arises because shm_destroy_orphaned() traverses shm IDs under shm_ids(ns).rwsem but shm_nattch can be updated while holding shm_perm.lock, and attach paths may modify it ...
CVE-2026-52930
In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shmnattch updates shmdestroyorphaned walks the shm idr under shmidsns.rwsem, but that does not serialize all fields tested by shmmaydestroy. In particular, shmnattch is updated while holding...
CVE-2026-10735
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...
EUVD-2026-38693
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...
CVE-2026-9724
The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordeskadminhome function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2026-9724
The CVE concerns the MotorDesk WordPress plugin up to version 1.1.2 . It is vulnerable to Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation on the function motordesk_admin_home . This allows unauthenticated attackers to modify the plugin’s configuration, including the se...
PT-2026-51856
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer leak occurs in the ceph module within the ceph setxattr function. During a retry operation, the old blob variable can store the value of ci-i xattrs.prealloc blob, but the ceph...
PT-2026-52085
Name of the Vulnerable Software and Affected Versions HP Accessory WMI Provider installer affected versions not specified Description A security issue exists in the HP Accessory WMI Provider installer used for certain HP Docking Stations. This flaw could allow an attacker to achieve escalation of...
PT-2026-51882
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf tables component where the process of joining the hook list during the commit phase was not handled safely. This could lead to unsafe netlink dump lis...
PT-2026-51677
Name of the Vulnerable Software and Affected Versions Welcome Software Publishing versions prior to 0.0.32 Description The plugin is subject to an Arbitrary Options Update issue caused by a missing capability check in the nc setOption function, which is exposed through the 'nc.setOption' XML-RPC...
PT-2026-51723
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ipc/shm component where the shm destroy orphaned function iterates through the shm idr using shm idsns.rwsem, which fails to serialize all fields evaluated by shm...
Oracle Linux 9 : unbound (ELSA-2026-24369)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24369 advisory. - Fix CVE-2026-33278 RHEL-177822 Fix CVE-2026-42944 RHEL-177936 Fix CVE-2026-42959 RHEL-177797 Tenable has extracted the preceding description block...
Oracle Linux 9 : thunderbird (ELSA-2026-21381)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-21381 advisory. 140.11.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.11.0 - Add OpenELA debranding 140.11.0-1 - Update to 140.11.0 ESR...