38442 matches found
CVE-2026-3591
A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...
ISC BIND 9 安全漏洞
ISC BIND 9 is a domain name system software developed by the ISC organization. Vulnerabilities exist in versions 9.20.0 to 9.20.20, 9.21.0 to 9.21.19, and 9.20.9-S1 to 9.20.20-S1 of ISC BIND 9. These vulnerabilities stem from the reuse of resources after handling DNS queries signed with SIG0; thi...
PT-2026-27827
Name of the Vulnerable Software and Affected Versions Elated-Themes Amoli versions through 1.0 Description A flaw exists in Elated-Themes Amoli that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue enables the inclusion of local...
Security update for protobuf (moderate)
openSUSE security update: security update for protobuf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20390-1 Rating: moderate References: bsc1244663 bsc1244918 bsc1257173 Cross-References: CVE-2025-4565 CVE-2026-0994 CVSS scores: CVE-2025-4565 SUS...
Linux Distros Unpatched Vulnerability : CVE-2026-21714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed...
Linux Distros Unpatched Vulnerability : CVE-2026-23298
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop...
PT-2026-28156
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedure order/handle deletions.php allows any authenticated user, regardless of role, to...
PT-2026-27927
Name of the Vulnerable Software and Affected Versions eyecix Addon Jobsearch Chat versions through 3.0 Description The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-Site Scripting XSS. This issue impacts the Addon Jobsearc...
PT-2026-28175
Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 8.2.5 PrestaShop versions prior to 9.1.0 Description PrestaShop, an open source e-commerce web application, experiences an issue due to improper use of its validation framework. No workarounds are currently...
WordPress plugin Kiddy 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Linux Distros Unpatched Vulnerability : CVE-2026-23379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quan...
ISC BIND 9.20.0 < 9.20.21 / 9.20.9-S1 < 9.20.21-S1 / 9.21.0 < 9.21.20 Vulnerability (cve-2026-3591)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3591 advisory. - A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a...
WordPress plugin Print Invoice & Delivery Notes for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of zero-length messages. This vulnerability could lead to infinite loops and...
PT-2026-28369
Name of the Vulnerable Software and Affected Versions: Grafana versions 11.6.0 through 11.6.14, 12.0.0 through 12.1.10, 12.2.0 through 12.2.8, 12.3.0 through 12.3.6, and 12.4.0 through 12.4.2. Description: A chained attack involving SQL Expressions and a Grafana Enterprise plugin can lead to remo...
PT-2026-27986
Name of the Vulnerable Software and Affected Versions magepeopleteam Bus Ticket Booking with Seat Reservation versions through 5.6.0 Description The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts Bus Ticket Booking...
PT-2026-33102
Name of the Vulnerable Software and Affected Versions xwayland versions prior to 24.1.9-2.1 xorg-x11-server versions prior to 21.1.21-5.1 Description Security issues were identified in xwayland and xorg-x11-server. Recommendations Update xwayland to version 24.1.9-2.1. Update xorg-x11-server to...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a zero overflow error, which may lead to kernel crashes...
PT-2026-27970
Name of the Vulnerable Software and Affected Versions uxper Golo versions through 1.7.0 Description An incorrect privilege assignment exists in uxper Golo, allowing for privilege escalation. Recommendations Update uxper Golo to a version later than 1.7.0...
Linux Distros Unpatched Vulnerability : CVE-2026-26209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial ...