
3061 matches found

NVD | added 5 days ago | 6 views

CVE-2026-10056

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

CVSS 7.5 | EPSS 0.00077 | Exploits 0 | References 1

NVD | added 5 days ago | 9 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15. This is due to insufficient output escaping in the render function, where the...

CVSS 6.4 | EPSS 0.0003 | Exploits 0 | References 4

NVD | added 5 days ago | 11 views

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv and protected only by a nonce check using the...

CVSS 9.8 | EPSS 0.00074 | Exploits 5 | References 2

Packet Storm | added 5 days ago | 30 views

CubeCart 6.x.x Cross Site Scripting

CubeCart versions prior to 6.7.0 suffer from a cross site scripting vulnerability. Exploit Title: CubeCart alert"Test!" 3- Press Enter. 4- Observe the alert box popping up on the screen, confirming the XSS execution. Alternative Direct Link:...

CVSS 6.1 | AI score 5.3 | EPSS 0.00153 | Exploits 2

Tenable Nessus | added 5 days ago | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: xfrm6: release dst on error in xfrm6_rcv_encap. xfrm6_rcv_encap performs an IPv6 route lookup when the skb does not already have a dst attached...

AI score 5.8 | EPSS 0.00024 | Exploits 0 | References 2

Tenable Nessus | added 5 days ago | 6 views

SUSE SLES12 Security Update : busybox (SUSE-SU-2026:2069-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2069-1 advisory. This update for busybox fixes the following issue - CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client...

CVSS 8.1 | AI score 6 | EPSS 0.00015 | Exploits 0 | References 4

NVD | added 6 days ago | 8 views

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

CVSS 6.9 | EPSS 0.00011 | Exploits 0 | References 3

NVD | added 6 days ago | 13 views

CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

CVSS 5.5 | EPSS 0.00011 | Exploits 0 | References 3

OSV | added 6 days ago | 2 views

UBUNTU-CVE-2026-47760

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

CVSS 8.7 | AI score 6 | EPSS 0.00032 | Exploits 0 | References 3

CVE | added 6 days ago | 13 views

CVE-2026-47674

Summary of CVE-2026-47674: In Hono, the ip-restriction middleware (hono/ip-restriction) evaluates deny/allow rules by string equality after partial normalization. Before version 4.12.21, non-canonical IPv6 representations (e.g., compressed forms, explicit-zero forms, or hex-notation IPv4-mapped ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00061 | Exploits 0 | References 1 | Affected Software 1

EUVD | added 6 days ago | 7 views

EUVD-2026-32920

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

CVSS 8.7 | AI score 6 | EPSS 0.00032 | Exploits 0 | References 1

Vulnrichment | added 6 days ago | 2 views

CVE-2026-48155 pypdf: Possible large memory usage for large offsets for layout mode text

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

CVSS 4.8 | AI score 5.8 | EPSS 0.00011 | Exploits 0 | References 3

EUVD | added 6 days ago | 5 views

EUVD-2026-32914

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

CVSS 4.8 | AI score 5.8 | EPSS 0.00011 | Exploits 0 | References 3

ATTACKERKB | added 6 days ago | 7 views

CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

CVSS 5.1 | AI score 5.8 | EPSS 0.00011 | Exploits 0 | References 4 | Affected Software 1

EUVD | added 6 days ago | 7 views

EUVD-2026-32912

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

CVSS 6.9 | AI score 5.8 | EPSS 0.00011 | Exploits 0 | References 3

RedhatCVE | added 6 days ago | 6 views

CVE-2026-29004

A flaw was found in BusyBox. A heap buffer overflow vulnerability exists in the Dynamic Host Configuration Protocol version 6 (DHCPv6) client, specifically within the option_to_env function. Network-adjacent attackers can exploit this by sending a crafted DHCPv6 response containing a malformed...

CVSS 8.8 | AI score 6.4 | EPSS 0.00015 | Exploits 0 | References 7

Positive Technologies | added 6 days ago | 4 views

PT-2026-44295

In the Linux kernel, the following vulnerability has been resolved: ipv6: xfrm6: release dst on error in xfrm6_rcv_encap. xfrm6_rcv_encap performs an IPv6 route lookup when the skb does not already have a dst attached. ip6_route_input_lookup returns a referenced dst entry even when the lookup...

AI score 5.8 | EPSS 0.00024 | Exploits 0 | References 6

Positive Technologies | added 6 days ago | 2 views

PT-2026-44414

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.21. Description: The ip-restriction middleware (hono/ip-restriction) compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

CVSS 5.3 | AI score 5.8 | EPSS 0.00061 | Exploits 0 | References 3

Positive Technologies | added 6 days ago | 6 views

PT-2026-44744

Name of the Vulnerable Software and Affected Versions: WP Maps Pro versions prior to 6.1.1. Description: An issue in the temporary access feature allows unauthenticated attackers to create administrator accounts, leading to complete site takeover. The wpgmp_temp_access_ajax AJAX action is registered...

CVSS 9.8 | AI score 6 | EPSS 0.00074 | Exploits 5 | References 45

CNNVD | added 6 days ago | 4 views

Canonical Ubuntu Linux Security Vulnerability

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8 version contained a security vulnerability; this vulnerability stemmed from potential null pointer dereferencing during the processing of AppArmor notifications, which cou...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013 | Exploits 0 | References 1