VIR Vulnerability Intelligence Relay

Search

Found 33,081 results in 1444ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-43232 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync T-series card is being detached, the fs…
CVE-2026-43230 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/rds: Clear reconnect pending bit When canceling the reconnect worker, care must be taken to reset the reconnect-pending bit. …
CVE-2026-43226 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDS_CONN_ERROR RDS connections carry a state "rds_conn_path::cp_state" and transitions from one state…
CVE-2026-43222 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: row_sb, col_sb, start_pos and end_pos (4 bytes …
CVE-2026-43215 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifs_tcp_ses_lock to protect a lot of objects that are not just the se…
CVE-2026-43214 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() Add SRCU read-side protection when reading PDPTR registers in …
CVE-2026-43213 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports abnormal sequence number in TX release re…
CVE-2026-43212 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE The arch definition of cpumask_of_node() cannot handle NUMA_NO_NODE…
CVE-2026-43211 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_slot_trylock() error handling Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the b…
CVE-2026-43207 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in probe function Add mtk_mdp_unregister_m2m_device() on the error handling path to prevent re…
CVE-2026-43206 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 b…
CVE-2026-43205 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate num_ifs to prevent out-of-bounds write The driver obtains sw_attr.num_ifs from firmware via dpsw_get_attri…
CVE-2026-43203 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: atm: fore200e: fix use-after-free in tasklets during device removal When the PCA-200E or SBA-200E adapter is being detached, the …
CVE-2026-43199 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5e_ipsec_init_macs(…
CVE-2026-43196 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in pruss_clk_mux_setup() In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly …
CVE-2026-43194 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgro_frglist.sh and udpgro_bench.sh are the flakiest tests currently in NIPA. They fail …
CVE-2026-43190 high 8.2 8.2 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_tcpmss: check remaining length before reading optlen Quoting reporter: In net/netfilter/xt_tcpmss.c (lines 53-68)…
CVE-2026-43187 high 8.8 8.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size underflow…
CVE-2026-43184 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it Before using the data buffer to send back the response message, zero it completely.…
CVE-2026-43180 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode kaweth_set_rx_mode(), the ndo_set_rx_mode callback, calls ne…
CVE-2026-43178 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QU…
CVE-2026-43176 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate release report content before using for RTL8922DE The commit 957eda596c76 ("wifi: rtw89: pci: validate…
CVE-2026-43172 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs (which doesn't exist in hardware) then us…
CVE-2026-43166 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length a…
CVE-2026-43164 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). syzbot reported null-ptr-deref of udp_sk(sk)->udp_prod_queue. [0] S…
CVE-2026-43158 high 8.8 8.8 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block fre…
CVE-2026-43153 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The calling convention of xfs_attr_leaf_hasname() is problematic, because it returns a NULL buf…
CVE-2026-43150 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models (at…
CVE-2026-43141 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero…
CVE-2026-43139 high 8.6 8.6 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm6_get_saddr() does not check the return value of ipv6_dev_get_saddr(). Wh…
CVE-2026-43138 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in mem…
CVE-2026-43134 high 8.1 8.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP…
CVE-2026-43133 high 7.9 7.9 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload o…
CVE-2026-43126 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending ca…
CVE-2025-62345 low 2.7 2.7 1mo ago HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the …
CVE-2025-31951 high 8.8 8.8 1mo ago HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma…
CVE-2026-43646 high 7.5 7.5 apache 1mo ago Apache Wicket has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2026-43120 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released …
CVE-2026-43116 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master c…
CVE-2026-43113 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to ind…
CVE-2026-43112 high 8.8 8.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a str…
CVE-2026-43111 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holdi…
CVE-2026-43110 high 8.8 8.8 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index…
CVE-2026-43106 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull() The patch mentioned below changed cachefiles_bury_object() to expe…
CVE-2026-43101 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value…
CVE-2026-43099 high 7.5 7.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 s…
CVE-2026-43097 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double ida_free in hv_pci_probe error path If hv_pci_probe() fails after storing the domain number in hbus->bridge->…
CVE-2026-43093 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdp_umem_reg() cou…
CVE-2026-43091 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrm_policy_fini() frees the policy_bydst hash tables after flushing the poli…
CVE-2026-43084 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause …
CVE-2026-43078 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago Linux kernel vulnerabilities
CVE-2026-43076 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data i_size during inode read When reading an inode from disk, ocfs2_validate_inode_block() performs vario…
CVE-2026-43075 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2_write_end_inline KASAN reports a use-after-free write of 4086 bytes in ocfs2_write_end_in…
CVE-2026-43074 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep…
CVE-2026-1719 high 7.5 7.5 1mo ago The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of su…
CVE-2026-7841 high 8.8 8.8 1mo ago A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server b…
CVE-2026-7332 high 7.2 7.2 1mo ago The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, …
CVE-2026-7573 high 7.7 7.7 sles linux-kernel rapid7 1mo ago An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy …
CVE-2025-71256 high 7.5 7.5 1mo ago In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71255 high 7.5 7.5 1mo ago In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71254 high 7.5 7.5 1mo ago In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71253 high 7.5 7.5 1mo ago In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71252 high 7.5 7.5 1mo ago In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71251 high 7.5 7.5 1mo ago In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2026-44405 low 3.4 3.4 slesdebian debian 1mo ago Paramiko rsakey.py allows the SHA-1 algorithm
CVE-2026-30922 high 7.5 7.5 FIX rhel sles rocky pyasn1 1mo ago Important: fence-agents security update
CVE-2026-43885 high 8.0 1mo ago AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization
CVE-2026-43884 high 7.7 7.7 1mo ago AVideo has SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()
CVE-2026-40075 high 7.5 7.5 openmrs 1mo ago OpenMRS ModuleResourcesServlet has Path Traversal that Leads to Arbitrary File Read
CVE-2026-6970 high 8.0 1mo ago authd: Primary group ID is incorrectly set to value of UID
CVE-2026-42611 high 8.9 8.9 getgrav 1mo ago Grav is Vulnerable to Stored XSS via Tag Injection
CVE-2026-42997 high 7.7 7.7 FIX debian debian 1mo ago An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-…
CVE-2026-42609 high 8.1 8.1 getgrav 1mo ago Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
CVE-2026-42843 high 8.8 8.8 getgrav 1mo ago Grav API Privilege Escalation to Super Admin
CVE-2026-44167 high 7.5 7.5 FIX debian debian 1mo ago phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
CVE-2026-40068 high 8.8 8.8 anthropic 1mo ago Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
CVE-2026-39852 high 8.2 8.2 quarkus 1mo ago Quarkus has Authentication/Authorization bypasses
CVE-2026-39849 high 8.8 8.8 pi-hole 1mo ago Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline charac…
CVE-2026-39383 high 7.2 7.2 thecodingmachine 1mo ago Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL
CVE-2026-42266 high 8.8 8.8 debian debian jupyter 1mo ago JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed…
CVE-2026-7857 high 7.2 7.2 1mo ago A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer…
CVE-2026-7856 high 7.2 7.2 1mo ago A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name c…
CVE-2026-44331 high 8.1 8.1 FIX slesdebian debian 1mo ago In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted…
CVE-2026-40280 high 7.5 7.5 thecodingmachine 1mo ago Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection
CVE-2026-34596 high 7.0 7.0 sandboxie-plus 1mo ago Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation.…
CVE-2026-34464 high 8.8 8.8 sandboxie-plus 1mo ago Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fix…
CVE-2026-34462 high 7.8 7.8 sandboxie-plus 1mo ago Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandl…
CVE-2026-34461 high 7.8 7.8 sandboxie-plus 1mo ago Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_I…
CVE-2026-34459 high 8.8 8.8 sandboxie-plus 1mo ago Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilit…
CVE-2026-34458 high 8.8 8.8 sandboxie-plus 1mo ago Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration re…
CVE-2026-33489 high 7.5 7.5 windows windows coredns.io 1mo ago CoreDNS' transfer stanza selection uses lexicographic compare (subzone ACL bypass)
CVE-2026-33324 high 8.8 8.8 fit2cloud 1mo ago SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que…
CVE-2026-33190 high 7.5 7.5 windows windows coredns.io 1mo ago CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
CVE-2026-32936 high 7.5 7.5 windows windows coredns.io 1mo ago CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
CVE-2026-32934 high 7.5 7.5 windows windows coredns.io 1mo ago CoreDNS' DoQ worker pool does not bound stream backlog
CVE-2024-52911 high 7.5 7.5 1mo ago Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
CVE-2026-7855 high 7.2 7.2 1mo ago A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of th…
CVE-2026-30923 high 7.5 7.5 FIX slesdebian debian owasp 1mo ago ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occu…
CVE-2026-43874 high 7.2 7.2 1mo ago AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass
CVE-2026-43873 high 7.5 7.5 1mo ago AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server