Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...

MAL-2026-3225 Malicious code in as89ufnaisufn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e21c9860ca710010b7059d9284d8e2665c8163a8f1f351782e1a30f2037ce647 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

WordPress plugin Royal Elementor Addons 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Linux Distros Unpatched Vulnerability : CVE-2026-1858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private...

SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2026:1641-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1641-1 advisory. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032:...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 “Copy Fail” LAN posture scanner copyfailsc...

Malicious code in py-clob-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7136140b365c314a42f5efe300779f093c40a41fb5c2258c7f5ff05c88eba2f8 Package exfiltrates env variables from .env files. It's a typosquatting of a legitimate package and is used in a malicious GitHub repository --- Category:...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Copy Fail Linux Privilege Escalation Ov...

CVE-2026-31721

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLLCTLADD - unbind the UDC - bind the...

CVE-2026-43018 Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreqevt hciconn lookup and field access must be covered by hdev lock in hcileremoteconnparamreqevt, otherwise it's possible it is freed concurrently. Extend the...

EUVD-2026-26617

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreqevt hciconn lookup and field access must be covered by hdev lock in hcileremoteconnparamreqevt, otherwise it's possible it is freed concurrently. Extend the...

CVE-2026-31746

CVE-2026-31746 concerns the Linux kernel’s s390/zcrypt component. When Common Cryptographic Architecture (CCA) cards are used as accelerators for clear key RSA requests (ME and CRT), a memory leak occurs due to an unreleased memory allocation in the AP message handling. The issue stems from a rew...

CVE-2026-31741 counter: rz-mtu3-cnt: prevent counter from being toggled multiple times

In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times,...

Malicious Package

Overview blackbeards-navigator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

SUSE CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

Wireshark 2.4.x < 2.4.7 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.7. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.7 advisory. - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was...

CVE-2026-37531

AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability CWE-22 combined with a TOCTOU race condition CWE-367 in the widget installation flow. The isvalidfilename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal...

PT-2026-36461

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

PT-2026-36388

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the linedisp release function. The issue occurs because the function uses to linedisp to retrieve the enclosing struct linedisp, which relies on the...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...