CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

CVE-2026-6873 Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVE-2026-6873

CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...

CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVE-2025-14774

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

SUSE-SU-2026:2236-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...

EUVD-2025-210046

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14771

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

UBUNTU-CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

EUVD-2026-34054

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

Linux Distros Unpatched Vulnerability : CVE-2026-45889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when...

ABB T-MAC Plus 安全漏洞

ABB T-MAC Plus is a shipboard equipment status monitoring and predictive maintenance management system developed by the Swiss company ABB. Version 4.0-24 of ABB T-MAC Plus contains a security vulnerability, which stems from incorrect authorization settings...

PT-2026-45909

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

PT-2026-45907

Name of the Vulnerable Software and Affected Versions ABB T-MAC Plus version 4.0-24 Description A file disclosure issue exists in the ABB T-MAC Plus web application and the ABB T-MAC plus Server - Default IIS Web Site, where files or directories are accessible to external parties. Recommendations...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

PT-2026-45938

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description An issue exists in django.middleware.cache.UpdateCacheMiddleware where the Authorization header is not added to the Vary response header for requests that include that...

PT-2026-45934

Name of the Vulnerable Software and Affected Versions lwext4 version 1.0.0 Description A divide-by-zero issue exists in the ext4 block set lb size function within the src/ext4 blockdev.c file. This occurs when a malformed ext4 filesystem image with a zero logical block size is provided, leading t...