38427 matches found
SUSE CVE-2026-23379
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'qsum' and 'qpsum'. Using unsigned int, the same integer size a...
USN-8124-1 bind9 vulnerabilities
Samy Medjahed discovered that Bind incorrectly handled insecure delegation validation. A remote attacker could possibly use this issue to cause excessive NSEC3 iterations, consuming CPU resources, and leading to a denial of service. CVE-2026-1519 Vitaly Simonovich discovered that Bind incorrectly...
CVE-2026-3591
A flaw was found in BIND, specifically in the named server's handling of DNS queries signed with SIG0. A remote attacker could exploit this use-after-return vulnerability by sending a specially-crafted DNS request. This could cause an Access Control List ACL to improperly match an IP address,...
CVE-2026-32536
CVE-2026-32536 describes an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Green Downloads (halfdata-paypal-green-downloads) up to version
CVE-2026-32493 WordPress JobSearch plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through = 3.2.0...
CVE-2026-27095
Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through = 5.6.0...
CVE-2026-27080 WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through = 1.0...
CVE-2026-27075 WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through = 1.0...
CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through = 3.0.7...
CVE-2026-25317 WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through = 5.9.0...
CVE-2026-25002 WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress Sepay Payment: from n/a through = 4.0.0...
CVE-2026-24989
CVE-2026-24989 describes a deserialization of untrusted data in the SUMO Affiliates Pro plugin for WordPress (affs), enabling PHP object injection. Affected: SUMO Affiliates Pro versions below 11.4.0. Root cause: deserialization of untrusted input leading to object injection. Impact: according to...
CVE-2025-69358 WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.6.0...
EUVD-2026-15413
A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...
CVE-2026-3218
CVE-2026-3218: Drupal Responsive Favicons contains an XSS due to improper filtering of administrator-entered text. Affects versions prior to 2.0.2. Exploitation requires the attacker to have the permission administering responsive favicons. Remediation: update to 2.0.2 or later (as noted in the l...
CVE-2026-3210 Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011
Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4...
CVE-2026-23298
A flaw was found in the Linux kernel's CAN Controller Area Network ucan driver. This vulnerability allows a connected ucan device to send a message with a zero-length field. Such a message can trigger an infinite loop within the driver, causing the system to hang. This ultimately leads to a denia...
CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management
Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...
CVE-2026-3591
A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...
DEBIAN-CVE-2026-3591
A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...