9473 matches found

OSV
added 2026/01/31 11:42 a.m. | 1 view

CVE-2026-23026 dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config(). Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue occurs when: 1. gchan->config...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00009
Exploits: 0 | References: 9
SUSE CVE
added 2026/01/31 12:43 a.m. | 2 views

SUSE CVE-2024-29214

Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00022
Exploits: 0 | References: 2
EUVD
added 2026/01/31 12:30 a.m. | 3 views

EUVD-2025-206552

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an unauthenticated user to cause a denial of service due to excessive use of a global variable...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00044
Exploits: 0 | References: 2
NVD
added 2026/01/30 10:15 p.m. | 4 views

CVE-2025-36009

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVSS: 6.5 | EPSS: 0.00044
Exploits: 0 | References: 1
OSV
added 2026/01/30 10:15 p.m. | 2 views

CVE-2025-36009

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVSS: 6.5 | AI score: 5.8
Exploits: 0 | References: 1
OSV
added 2026/01/30 10:15 p.m. | 1 view

UBUNTU-CVE-2025-36009

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00044
Exploits: 0 | References: 3
UbuntuCve
added 2026/01/30 10:15 p.m. | 2 views

CVE-2025-36009

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00044
Exploits: 0 | References: 2
CVE
added 2026/01/30 9:28 p.m. | 14 views

CVE-2025-36009

Summary of CVE-2025-36009 (IBM Db2): IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) could allow an unauthenticated user to cause a denial of service by excessive use of a global variable. Affected releases are IBM Db2 Server 11.5.0–11.5.9 and 12.1.0–12.1.3. The issue’s root ca...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00044
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/01/30 9:28 p.m. | 23 views

CVE-2025-36009 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVSS: 6.5 | EPSS: 0.00044
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/30 9:28 p.m. | 5 views

CVE-2025-36009

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00044
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/01/30 9:28 p.m. | 2 views

CVE-2025-36009 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00044
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/30 12:0 a.m. | 3 views

PT-2026-5446

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.5.0 through 11.5.9; IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 12.1.0 through 12.1.3. Description: An unauthenticated user may be able to...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00044
Exploits: 0 | References: 10
Tenable Nessus
added 2026/01/29 12:0 a.m. | 3 views

Oracle Linux 8 : osbuild-composer (ELSA-2026-1380)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1380 advisory. 101.4-2.0.1 - Support using repository definitions with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00018
Exploits: 0 | References: 2
OSV
added 2026/01/28 6:30 p.m. | 3 views

GHSA-G4W6-C99W-4WH7 BrowserStack Local vulnerable to Command Injection through logfile variable

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00081
Exploits: 0 | References: 5
Github Security Blog
added 2026/01/28 6:30 p.m. | 11 views

BrowserStack Local vulnerable to Command Injection through logfile variable

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00081
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/01/28 11:23 a.m. | 26 views

CVE-2026-1391 Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable. This makes it possible for unauthenticated attackers to inject...

CVSS: 5.3 | EPSS: 0.00235
Exploits: 0 | References: 3
EUVD
added 2026/01/28 11:23 a.m. | 5 views

EUVD-2026-4923

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable. This makes it possible for unauthenticated attackers to inject...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00235
Exploits: 0 | References: 3
Patchstack
added 2026/01/28 6:52 a.m. | 5 views

WordPress Vzaar Media Management plugin <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Vzaar Media Management versions <= 1.2...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00235
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2026/01/28 12:0 a.m. | 138 views

GNU Inetutils 2.7 Telnet Authentication Bypass Scanner

GNU Inetutils version 2.7 telnet authentication bypass scanner that leverages a crafted USER value. This vulnerability is tracked as CVE-2026-24061 and is conceptually related to historical Telnet NEW-ENVIRON issues such as CVE-1999-0192, but affects modern GNU Inetutils implementations...

CVSS: 10 | AI score: 5.9 | EPSS: 0.91526
Exploits: 59
CNNVD
added 2026/01/28 12:0 a.m. | 2 views

WordPress plugin Vzaar Media Management has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00235
Exploits: 0 | References: 4