7.5
CVE-2026-29856 -
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.
5.5
CVE-2026-23254 - net: gro: fix outer network offset
In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the `encapsulation` flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading…
8
CVE-2025-55041 - CSRF Privilege Escalation via Add To Group in MuraCMS
MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc addToGroup method) that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token valid…
7.5
CVE-2026-30345 - CTFd Zip Slip Vulnerability in Admin Import Enables Arbitrary File Write
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import.
9.8
CVE-2025-67830 - SQL Injection in Mura CMS beanFeed.cfc getQuery sortby Parameter
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.
8.1
CVE-2025-55046 -
MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that irreve…
9.1
CVE-2026-30704 - Unprotected UART Interface in Yeapook WDR201A WiFi Extender (CVE-2026-30704)
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB
0.0
CVE-2026-23265 - f2fs: fix to do sanity check on node footer in {read,write}_end_io
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: <IRQ> blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x…
7.0
CVE-2026-23262 - gve: Fix stats report corruption on queue count change
In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size o…
8.8
CVE-2025-55040 - CSRF Upload Exploit Enables Malicious Form Installation in MuraCMS
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install attacke…