JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

EUVD-2026-39699

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...

PT-2026-52587

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

EUVD-2026-38684

The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...

CVE-2026-9620

CVE-2026-9620 concerns the WordPress plugin WP Latest Posts (≤ 5.0.11). It enables a Stored Cross-Site Scripting (XSS) via crafted image src attributes in post content. The root cause is insufficient output escaping in the plugin’s field() and loop() functions, which extract the raw src from img ...

WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions = 5.0.11...

Malicious code in free-anthropic-claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11bfe96b56a6615a50639b25de793e14044ea393c2029b26fa4e1b9e3dc5a22f This package impersonates the Anthropic Claude SDK name and description claim to be an 'Official Anthropic Claude SDK wrapper', author is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fixed an issue where double cleanup was performed in case of a failure in devmaddactionorreset. When devmaddactionorreset fails, it calls the passed cleanup function. Therefore, the caller must not repeat that cleanu...

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

A issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed memory leaks and NULL dereferencing in smb2lock. smb2lock has three error handling issues after listdel detaches smblock from locklist at nocheckcl: 1 If vfslockfile returns an unexpected error in the non-UNLOCK...

Astra Linux – Vulnerability in Squid

A buffer overflow was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers were vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations were sent to a...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ALSA: ac97 – Fixed a possible NULL dereference in sndac97mixer. Smatch error: sound/pci/ac97/ac97codec.c:2354; sndac97mixer error: We previously assumed that ‘rac97’ could be null see line 2072. Removed redundant assignments;...

Astra Linux – Vulnerability in Linux

In the IPv4 implementation in the Linux kernel before 5.12.4, the net/ipv4/route.c file has an information leak because the hash table is very small...

Astra Linux – Vulnerability in Linux 5.10

Due to a vulnerability in the iouring subsystem, it is possible for kernel memory information to be leaked to the user process. timensinstall calls currentissinglethreaded to determine whether the current process is single-threaded. However, this call does not take into account iouring’s ioworker...

Astra Linux – Vulnerability in hdf5

The HDF5 library from version 1.14.3 has a segmentation fault in the H5VM.c function H5VMmemcpyvv...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-pf: Fixed the use of GFPKERNEL in atomic contexts for rt. The commit 4af1b64f80fb “octeontx2-pf: Fixed the lmtst ID used in aurafree” uses get/putcpu to protect the usage of percpu pointers in the -aurafreeptr...

CVE-2026-11395

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

CVE-2026-11395

CVE-2026-11395 : The CF7 to Webhook plugin for WordPress is vulnerable to unauthenticated Server-Side Request Forgery through the pull_the_trigger path, affecting all versions up to and including 5.0.0. Exploitation requires the admin-configured webhook URL to contain a Contact Form 7 field place...

CVE-2026-54533

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...