A patch for the bug, tracked as CVE-2026-0300, has not been published yet, and Palo Alto Networks said it will be included in releases over the next two weeks.
A vulnerability labeled as critical has been found in weDevs WP User Frontend Plugin up to 4.3.1 on WordPress. This affects an unknown function. Such manipulation leads to missing authorization.
This vulnerability is tracked as CVE-2026-42412. The attack may be launched remotely. There is no exploit available.
A vulnerability categorized as problematic has been discovered in CDAC-Noida e-Sushrut Hospital Management Information System. The affected element is an unknown function of the component API. The manipulation results in cleartext transmission of sensitive information.
This vulnerability is reported as CVE-2026-42514. The attack can be launched remotely. No exploit exists.
A vulnerability was found in WSO2 Identity Server. It has been declared as problematic. This issue affects some unknown processing of the component Authentication Endpoint. Executing a manipulation can lead to cross-site scripting.
This vulnerability is registered as CVE-2025-10503. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
A vulnerability has been found in CRM Sistemas de Fidelización MegaCMS 12.0.0 and classified as critical. This issue affects some unknown processing of the file /web_comunications/cms/get_provincias of the component POST Request Handler. Performing a manipulation of the argument id_territorio results in SQL injection.
This vulnerability is identified as CVE-2026-3325. The attack can be initiated remotely. There is no exploit available.
A vulnerability was found in Brainstorm Force SureForms Pro Plugin up to 2.8.0 on WordPress and classified as critical. This affects an unknown part. Such manipulation leads to missing authorization.
This vulnerability is listed as CVE-2026-42377. The attack may be performed remotely. There is no available exploit.
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks.
Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted
A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.135/6.12.82/6.18.23/6.19.13/7.0.0. This vulnerability affects the function platform_get_irq_byname. Executing a manipulation can lead to privilege escalation.
This vulnerability is registered as CVE-2026-43072. The attack requires access to the local network. No exploit is available.
The affected component should be upgraded.
A vulnerability classified as critical was found in Linux Kernel up to 6.18.20/6.19.10. This issue affects the function __mark_reg_known of the component bpf. The manipulation results in out-of-bounds read.
This vulnerability is known as CVE-2026-43070. Access to the local network is required for this attack. No exploit is available.
Upgrading the affected component is advised.
A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.135/6.12.82/6.18.23/6.19.13/7.0.0. This affects the function dcache_init of the component dcache. Performing a manipulation results in out-of-bounds read.
This vulnerability is cataloged as CVE-2026-43071. The attack must originate from the local network. There is no exploit available.
You should upgrade the affected component.
A vulnerability classified as critical has been found in Linux Kernel up to 6.19.10. This vulnerability affects the function download_firmware of the file drivers/bluetooth/hci_ll.c of the component Bluetooth. The manipulation leads to privilege escalation.
This vulnerability is tracked as CVE-2026-43069. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.167/6.6.133/6.12.79/6.18.20/6.19.10. This affects the function ext4_mb_scan_groups_linear. The manipulation leads to infinite loop.
This vulnerability is uniquely identified as CVE-2026-43067. The attack can only be initiated within the local network. No exploit exists.
It is advisable to upgrade the affected component.
A vulnerability described as critical has been identified in Linux Kernel up to 6.19.10. This affects the function ext4_mb_find_by_goal of the component ext4. Executing a manipulation can lead to allocation of resources.
This vulnerability appears as CVE-2026-43068. The attacker needs to be present on the local network. There is no available exploit.
Upgrading the affected component is recommended.
A vulnerability classified as critical was found in Linux Kernel up to 6.19.10. Affected by this issue is the function ext4_fc_replay_inode of the component ext4. Executing a manipulation can lead to memory leak.
This vulnerability is handled as CVE-2026-43066. The attack can only be done within the local network. There is no exploit available.
Upgrading the affected component is advised.
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.19.10. The affected element is the function ext4_mb_release of the component ext4. Executing a manipulation can lead to privilege escalation.
This vulnerability is registered as CVE-2026-43065. The attack requires access to the local network. No exploit is available.
It is advisable to upgrade the affected component.
A vulnerability classified as critical has been found in Linux Kernel up to 6.1.167/6.6.130/6.12.79/6.18.20/6.19.10. Affected by this vulnerability is the function .release of the component dmaengine. Performing a manipulation results in privilege escalation.
This vulnerability is known as CVE-2026-43064. Access to the local network is required for this attack. No exploit is available.
It is recommended to upgrade the affected component.
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.
A vulnerability, which was classified as problematic, has been found in Jupyter Notebook up to 7.5.5. The affected element is an unknown function. Performing a manipulation results in cross-site scripting.
This vulnerability is cataloged as CVE-2026-40171. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
A vulnerability classified as critical was found in OpenMRS up to 2.7.8/2.8.5. Impacted is the function WebModuleUtil.startModule of the file /openmrs/ws/rest/v1/module of the component REST Endpoint. Such manipulation leads to path traversal.
This vulnerability is listed as CVE-2026-40076. The attack may be performed remotely. There is no available exploit.
Upgrading the affected component is advised.
A vulnerability classified as critical has been found in QuantumNous new-api. This issue affects some unknown processing. This manipulation causes server-side request forgery.
This vulnerability is tracked as CVE-2026-42339. The attack can be carried out remotely. No exploit exists.