Vulnerabilities

  

CVE-2026-40318 | SiYuan up to 3.6.3 removeUnusedAttributeView ID path traversal (GHSA-vw86-c94w-v3x4)

A vulnerability was found in SiYuan up to 3.6.3. It has been classified as problematic. Affected by this issue is

  

CVE-2026-22734 | Cloud Foundry UAA up to 78.8.0 SAML 2.0 Bearer Assertion authentication spoofing

A vulnerability was found in Cloud Foundry UAA up to 78.8.0. It has been declared as critical. This affects an

  

CVE-2026-5162 | wproyal Royal Addons for Elementor Plugin up to 1.7.1056 on WordPress Instagram Feed Widget instagram_follow_text cross site scripting

A vulnerability was found in wproyal Royal Addons for Elementor Plugin up to 1.7.1056 on WordPress. It has been rated

  

CVE-2026-40255 | adonisjs http-server/http-core prior v7.8.1 response.redirect (GHSA-6qvv-pj99-48qm)

A vulnerability categorized as problematic has been discovered in adonisjs http-server and http-core. This issue affects the function response.redirect. Executing

  

CVE-2026-3605 | HashiCorp Vault/Vault Enterprise up to 1.21.0 Policy authentication bypass

A vulnerability identified as critical has been detected in HashiCorp Vault and Vault Enterprise. Impacted is an unknown function of

  

CVE-2026-40922 | SiYuan up to 3.6.3 Bazaar cross site scripting (GHSA-4663-4mpg-879v)

A vulnerability labeled as problematic has been found in SiYuan up to 3.6.3. The affected element is an unknown function

  

CVE-2026-40322 | SiYuan up to 3.6.3 Mermaid cross site scripting (GHSA-x63q-3rcj-hhp5)

A vulnerability marked as problematic has been reported in SiYuan up to 3.6.3. The impacted element is an unknown function

  

CVE-2026-5052 | HashiCorp Vault/Vault Enterprise up to 1.21.0 PKI Engine ACME Validation server-side request forgery

A vulnerability described as critical has been identified in HashiCorp Vault and Vault Enterprise. This affects an unknown function of

  

CVE-2026-40265 | enchant97 note-mark up to 0.19.1 Asset Download Endpoint assets authorization (GHSA-p5w6-75f9-cc2p)

A vulnerability classified as problematic has been found in enchant97 note-mark up to 0.19.1. This impacts an unknown function of

  

CVE-2026-40259 | SiYuan up to 3.6.3 removeUnusedAttributeView ID improper authorization (GHSA-7m5h-w69j-qggg)

A vulnerability classified as critical was found in SiYuan up to 3.6.3. Affected is an unknown function of the file

  

CVE-2026-41113 | sagredo qmail up to 2026.04.06 qmail-remote.c tls_quit os command injection

A vulnerability, which was classified as critical, was found in sagredo qmail up to 2026.04.06. Affected by this issue is

  

CVE-2026-4525 | HashiCorp Vault/Vault Enterprise up to 1.21.0 Header Authorization insertion of sensitive information into sent data

A vulnerability, which was classified as problematic, has been found in HashiCorp Vault and Vault Enterprise. Affected by this vulnerability

  

CVE-2024-58343 | Vision Helpdesk up to 5.6.9 User Profile vis_client_id direct request

A vulnerability has been found in Vision Helpdesk up to 5.6.9 and classified as problematic. This affects the function vis_client_id

  

CVE-2026-5234 | LatePoint Plugin up to 5.3.2 on WordPress Error Message create_payment_intent_for_transaction transaction_intent_key authorization

A vulnerability was found in LatePoint Plugin up to 5.3.2 on WordPress and classified as critical. This vulnerability affects the

  

CVE-2026-5427 | extendthemes Kubio AI Page Builder Plugin up to 2.7.2 on WordPress REST API kubio_rest_pre_insert_import_assets authorization

A vulnerability was found in extendthemes Kubio AI Page Builder Plugin up to 2.7.2 on WordPress. It has been classified

  

CVE-2026-4853 | backupguard JetBackup Plugin up to 3.1.19.8 on WordPress Invalid File sanitize_text_field fileName path traversal

A vulnerability was found in backupguard JetBackup Plugin up to 3.1.19.8 on WordPress. It has been declared as critical. Impacted

  

CVE-2026-6080 | themeum Tutor LMS Plugin up to 3.9.8 on WordPress prepare Date sql injection

A vulnerability was found in themeum Tutor LMS Plugin up to 3.9.8 on WordPress. It has been rated as critical.

  

CVE-2026-5807 | HashiCorp Vault/Vault Enterprise up to 1.x Token Generation allocation of resources

A vulnerability categorized as problematic has been discovered in HashiCorp Vault and Vault Enterprise up to 1.x. The impacted element

  

CVE-2026-5502 | themeum Tutor LMS Plugin up to 3.9.8 on WordPress tutor_update_course_content_order content_parent authorization

A vulnerability identified as critical has been detected in themeum Tutor LMS Plugin up to 3.9.8 on WordPress. This affects

  

CVE-2026-3330 | 10web Form Maker Plugin up to 1.15.40 on WordPress validate_data sql injection

A vulnerability labeled as critical has been found in 10web Form Maker Plugin up to 1.15.40 on WordPress. This impacts

SUSE 2026 TIFF Moderate Issues NULL Pointer Buffer Overflow 2026-1408-1
  

An update that solves two vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

Ubuntu Server 22.04 SUSE-SU-2027-1560-3 Major Security Flaws in Ansible
  

An update that solves two vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

Ubuntu 24.04 LTS ESAPI Critical XSS Control-Flow Bypass USN-8181-1
  

Several security issues were fixed in ESAPI. (LinuxSecurity – Security Advisories)

SUSE 2026 Util-linux Moderate Access Control Bypass 2026-1406-1
  

An update that solves one vulnerability and has two security fixes can now be installed. (LinuxSecurity – Security Advisories)

SUSE Linux Enterprise Server 12 SP5 Moderate TIFF Security Issues Found
  

An update that solves two vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

openSUSE 2026-0130-1 python-jwcrypto Important Bypass DoS Mem Exhaustion
  

An update that fixes four vulnerabilities is now available. (LinuxSecurity – Security Advisories)

SUSE OpenSSL Important Null Dereference Buffer Overflow Fix 2026-1386-1
  

An update that solves five vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

SUSE 15 SP7 MozillaThunderbird Important Memory Safety Patch 2026-1379-1
  

An update that solves three vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

SUSE 12 SP5 python3 Important Update 2026-1385-1 Fixes Five Issues
  

An update that solves five vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

Ubuntu 24.04 LTS Linux-NVIDIA Critical Security Update USN-8148-7
  

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

Ubuntu 24.04 LTS Linux Kernel Critical EntrySign Load Issue USN-8179-1
  

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

Ubuntu 22.04 LTS Kernel Security Advisory USN-8180-1 Critical Update
  

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

  

CVE-2023-20585 | AMD EPYC 7003 Processors access of memory location after end of buffer (EUVD-2023-24764)

A vulnerability, which was classified as problematic, was found in AMD EPYC 7003 Processors, EPYC 9004 Processors, EPYC Embedded 7003

  

CVE-2025-43937 | Dell PowerScale OneFS up to 9.12.0.0 log file (dsa-2025-347)

A vulnerability has been found in Dell PowerScale OneFS up to 9.12.0.0 and classified as problematic. This issue affects some

  

CVE-2025-54510 | AMD EPYC 9004 Processors lock check (EUVD-2025-209510)

A vulnerability was found in AMD EPYC 9004 Processors, EPYC 7003 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded

  

CVE-2025-54502 | AMD EPYC 9004 Processors exposure of resource (EUVD-2025-209508)

A vulnerability was found in AMD EPYC 9004 Processors, EPYC 7003 Processors, EPYC 7002 Processors, EPYC 4004 Processors, EPYC 9005

  

CVE-2025-43883 | Dell PowerScale OneFS up to 9.12.0.0 unusual condition (dsa-2025-347 / EUVD-2025-209502)

A vulnerability was found in Dell PowerScale OneFS up to 9.12.0.0. It has been declared as problematic. The impacted element

  

CVE-2026-6442 | Snowflake Cortex Code CLI up to 1.0.24 improper validation of syntactic correctness of input (EUVD-2026-23292)

A vulnerability was found in Snowflake Cortex Code CLI up to 1.0.24. It has been rated as critical. This affects

  

CVE-2026-41080 | libexpat up to 2.7.5 XML Document entropy (ID 47 / EUVD-2026-23276)

A vulnerability categorized as problematic has been discovered in libexpat up to 2.7.5. This impacts an unknown function of the

  

CVE-2026-41082 | OCaml opam up to 2.5.0 Destination install path traversal (EUVD-2026-23288)

A vulnerability identified as problematic has been detected in OCaml opam up to 2.5.0. Affected is an unknown function of

  

CVE-2026-33122 | DataEase up to 2.10.20 API Datasource Update Process update deTableName sql injection

A vulnerability labeled as critical has been found in DataEase up to 2.10.20. Affected by this vulnerability is an unknown

  

CVE-2026-33207 | DataEase up to 2.10.20 getTableField tableName sql injection

A vulnerability marked as critical has been reported in DataEase up to 2.10.20. Affected by this issue is some unknown

  

CVE-2026-40899 | DataEase up to 2.10.20 getJdbc permissive list of allowed inputs

A vulnerability described as problematic has been identified in DataEase up to 2.10.20. This affects the function getJdbc. Executing a

  

CVE-2026-27820 | ruby zlib up to 3.0.0/3.1.1/3.2.2 zlib::GzipReader buffer overflow (GHSA-g857-hhfv-j68w)

A vulnerability categorized as critical has been discovered in ruby zlib up to 3.0.0/3.1.1/3.2.2. The affected element is the function

  

CVE-2026-24749 | SilverStripe Assets Module up to 2.4.4/3.1.2 getSourceURL authorization (GHSA-jgcf-rf45-2f8v)

A vulnerability identified as problematic has been detected in SilverStripe Assets Module up to 2.4.4/3.1.2. The impacted element is the

  

CVE-2026-33082 | DataEase up to 2.10.20 exportDataset expressionTree sql injection (GHSA-xxpw-2c8q-g693)

A vulnerability labeled as critical has been found in DataEase up to 2.10.20. This affects an unknown function of the

  

CVE-2026-33083 | DataEase up to 2.10.20 enumValueDs Order2SQLObj sql injection (GHSA-f443-95cf-m837)

A vulnerability marked as critical has been reported in DataEase up to 2.10.20. This impacts the function Order2SQLObj of the

  

CVE-2026-33084 | DataEase up to 2.10.20 DatasetDataManage Service Layer enumValueObj sort sql injection

A vulnerability described as critical has been identified in DataEase up to 2.10.20. Affected is an unknown function of the

  

CVE-2026-33121 | DataEase up to 2.10.20 API deTableName sql injection

A vulnerability classified as critical has been found in DataEase up to 2.10.20. Affected by this vulnerability is an unknown

  

CVE-2026-2336 | Microchip IStaX up to 2026.2 webstax_auth entropy

A vulnerability classified as problematic was found in Microchip IStaX up to 2026.2. Affected by this issue is some unknown

  

CVE-2025-43935 | Dell PowerScale OneFS up to 9.12.0.0 denial of service (dsa-2025-347)

A vulnerability, which was classified as problematic, has been found in Dell PowerScale OneFS up to 9.12.0.0. This affects an

Ubuntu 25.10 .NET Important Denial of Service USN-8176-1
  

Several security issues were fixed in .NET. (LinuxSecurity – Security Advisories)

AlmaLinux 9 RLSA-2028-8301 Chrome Major DoS Infinite Script Execution
  

Important: firefox security update (LinuxSecurity – Security Advisories)

Rocky Linux 8 nghttp2 Notable Service Disruption Patch RLSA-2023-5890
  

Important: nghttp2 security update (LinuxSecurity – Security Advisories)

Ubuntu OS 22.04 LTS XYZ-2025-7890 Major Average Risk Assessment
  

Important: vim security update (LinuxSecurity – Security Advisories)

Rocky Linux 8 pcs Moderate Denial of Service Update RLSA-2026-8093
  

Moderate: pcs security update (LinuxSecurity – Security Advisories)

SUSE 15-SP7 Kea Important Buffer Overflow Vuln 2026-1378-1
  

An update that solves one vulnerability can now be installed. (LinuxSecurity – Security Advisories)

  

CVE-2026-4160 | techjewel Fluent Forms Plugin 6.1.21 on WordPress AJAX Endpoint submission_id authorization

A vulnerability labeled as critical has been found in techjewel Fluent Forms Plugin 6.1.21 on WordPress. This affects an unknown

  

CVE-2026-6410 | fastify static up to 9.1.0 Directory Listing dirList.path path traversal (GHSA-pr96-94w5-mx2h)

A vulnerability marked as critical has been reported in fastify static up to 9.1.0. This vulnerability affects the function dirList.path

  

CVE-2026-31987 | Apache Airflow up to 3.1.x JWT Token log file (ID 62428)

A vulnerability described as problematic has been identified in Apache Airflow up to 3.1.x. This issue affects some unknown processing

  

CVE-2026-5785 | Zoho ManageEngine PAM360 Query Report sql injection

A vulnerability classified as critical has been found in Zoho ManageEngine PAM360 and ManageEngine Password Manager Pro. Impacted is an

  

CVE-2026-2840 | onlineoptimisation Email Encoder Plugin up to 2.4.4 on WordPress eeb_mailto cross site scripting

A vulnerability classified as problematic was found in onlineoptimisation Email Encoder Plugin up to 2.4.4 on WordPress. The affected element

  

CVE-2026-33804 | fastify middie up to 9.3.1 interpretation conflict

A vulnerability, which was classified as problematic, has been found in fastify middie up to 9.3.1. The impacted element is

  

CVE-2026-6270 | fastify middie up to 9.3.1 interpretation conflict (GHSA-hrwm-hgmj-7p9c)

A vulnerability, which was classified as critical, was found in fastify middie up to 9.3.1. This affects an unknown function.

  

CVE-2026-30459 | Daylight Studio FuelCMS 1.5.2 Forgot Password Feature password recovery

A vulnerability has been found in Daylight Studio FuelCMS 1.5.2 and classified as problematic. This impacts an unknown function of

  

CVE-2026-6409 | Protocol Buffers Protobuf-php up to 4.33.5/5.33.x Structured Message denial of service (GHSA-p2gh-cfq4-4wjc)

A vulnerability was found in Protocol Buffers Protobuf-php up to 4.33.5/5.33.x and classified as problematic. Affected is an unknown function

  

CVE-2026-37336 | SourceCodester Simple Music Cloud Community System 1.0 /music/view_music.php sql injection

A vulnerability was found in SourceCodester Simple Music Cloud Community System 1.0. It has been classified as critical. Affected by

  

CVE-2026-37337 | SourceCodester Simple Music Cloud Community System 1.0 /music/view_playlist.php sql injection

A vulnerability was found in SourceCodester Simple Music Cloud Community System 1.0. It has been declared as critical. Affected by

  

CVE-2026-37338 | SourceCodester Simple Music Cloud Community System 1.0 /music/view_user.php sql injection

A vulnerability was found in SourceCodester Simple Music Cloud Community System 1.0. It has been rated as critical. This affects

  

CVE-2026-37339 | SourceCodester Simple Music Cloud Community System 1.0 /music/view_genre.php sql injection

A vulnerability categorized as critical has been discovered in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown

  

CVE-2026-37340 | SourceCodester Simple Music Cloud Community System 1.0 /music/edit_music.php sql injection

A vulnerability identified as critical has been detected in SourceCodester Simple Music Cloud Community System 1.0. This issue affects some

  

CVE-2026-37341 | SourceCodester Vehicle Parking Area Management System 1.0 manage_category.php sql injection

A vulnerability labeled as critical has been found in SourceCodester Vehicle Parking Area Management System 1.0. Impacted is an unknown

  

CVE-2026-37342 | SourceCodester Vehicle Parking Area Management System 1.0 view_parked_details.php sql injection

A vulnerability marked as critical has been reported in SourceCodester Vehicle Parking Area Management System 1.0. The affected element is

  

CVE-2026-37343 | SourceCodester Vehicle Parking Area Management System 1.0 /parking/manage_user.php sql injection

A vulnerability described as critical has been identified in SourceCodester Vehicle Parking Area Management System 1.0. The impacted element is

  

CVE-2026-3324 | Zoho ManageEngine Log360 up to 13013 Filter Configuration authentication bypass

A vulnerability classified as critical has been found in Zoho ManageEngine Log360 up to 13013. This affects an unknown function

  

CVE-2026-37100 | Yamaha SR-B30A Sound Bar 2.40 Bluetooth Low Energy improper authentication

A vulnerability classified as critical was found in Yamaha SR-B30A Sound Bar 2.40. This impacts an unknown function of the

  

CVE-2026-30656 | fio 3.41 Job File Parser str_fdp_pli_cb null pointer dereference (Issue 2055)

A vulnerability, which was classified as problematic, has been found in fio 3.41. Affected is the function str_fdp_pli_cb of the

  

CVE-2026-37344 | SourceCodester Vehicle Parking Area Management System 1.0 manage_location.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Parking Area Management System 1.0. Affected by this

  

CVE-2026-37345 | SourceCodester Vehicle Parking Area Management System 1.0 /parking/manage_park.php sql injection

A vulnerability has been found in SourceCodester Vehicle Parking Area Management System 1.0 and classified as critical. Affected by this

  

CVE-2026-37346 | SourceCodester Payroll Management and Information System 1.0 view_account.php?emp_id= sql injection

A vulnerability was found in SourceCodester Payroll Management and Information System 1.0 and classified as critical. This affects an unknown

  

CVE-2026-37347 | SourceCodester Payroll Management and Information System 1.0 view_employee.php sql injection

A vulnerability was found in SourceCodester Payroll Management and Information System 1.0. It has been classified as critical. This vulnerability

  

CVE-2026-5426 | Digital Knowledge KnowledgeDeliver prior 20260224 ViewState machineKey hard-coded key (MNDT-2026-0009)

A vulnerability was found in Digital Knowledge KnowledgeDeliver. It has been declared as problematic. This issue affects some unknown processing

  

CVE-2025-36579 | Dell Client Platform BIOS password recovery (dsa-2025-153)

A vulnerability was found in Dell Client Platform. It has been rated as problematic. Impacted is an unknown function of

SUSE Linux Micro Kernel Important Security Fix 2026-21096-1
  

An update that solves eight vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

SUSE Linux Micro 6.2 pcre2 Moderate Heap Buffer Overread Flaw 2026-21094-1
  

An update that solves one vulnerability can now be installed. (LinuxSecurity – Security Advisories)

SUSE Linux Micro 6.2 sqlite3 Moderate Memory Leak of Integers 2026-21095-1
  

An update that solves two vulnerabilities and has two fixes can now be installed. (LinuxSecurity – Security Advisories)

SUSE python310 Important Command Injection Security Update 2026-1376-1
  

An update that solves five vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

openSUSE 15.4 python310 Important Patch for Multiple Issues 2026-1376-1
  

An update that solves five vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

SUSE OpenSSL 3 Receives Important Security Update 2026-1375-1 Now
  

An update that solves six vulnerabilities and contains one feature can now be installed. (LinuxSecurity – Security Advisories)

  

CVE-2026-31843 | goodoneuz pay-uz up to 2.2.24 Endpoint update Route::any access control

A vulnerability was found in goodoneuz pay-uz up to 2.2.24 and classified as critical. The impacted element is the function

  

CVE-2026-3155 | OneSignal Plugin up to 3.8.0 on WordPress authorization (EUVD-2026-23219)

A vulnerability was found in OneSignal Plugin up to 3.8.0 on WordPress. It has been classified as problematic. This affects

  

CVE-2026-3489 | designinvento DirectoryPress Plugin up to 3.6.26 on WordPress packages sql injection (EUVD-2026-23223)

A vulnerability was found in designinvento DirectoryPress Plugin up to 3.6.26 on WordPress. It has been declared as critical. This

  

CVE-2026-6414 | fastify static up to 9.1.0 url encoding (GHSA-x428-ghpx-8j92)

A vulnerability was found in fastify static up to 9.1.0. It has been rated as problematic. Affected is an unknown

  

CVE-2026-3369 | codesolz Better Find and Replace Plugin up to 1.7.9 on WordPress Uploaded Image Title cross site scripting (EUVD-2026-23221)

A vulnerability categorized as problematic has been discovered in codesolz Better Find and Replace Plugin up to 1.7.9 on WordPress.

  

CVE-2025-15621 | Sparx Systems Sparx Enterprise Architect up to 16.1.1627/17.1.1713 OAuth2 Credential insufficiently protected credentials (EUVD-2025-209499)

A vulnerability identified as problematic has been detected in Sparx Systems Sparx Enterprise Architect up to 16.1.1627/17.1.1713. Affected by this

  

CVE-2025-12624 | WSO2 Identity Server up to 5.2.0.34 Access Token session expiration

A vulnerability has been found in WSO2 Identity Server up to 5.2.0.34 and classified as problematic. The affected element is

  

CVE-2024-2374 | WSO2 API Manager XML Parser xml external entity reference (EUVD-2024-27327)

A vulnerability marked as problematic has been reported in WSO2 API Manager, Identity Server, Open Banking AM, Open Banking IAM

  

CVE-2026-23772 | Dell Storage Manager up to 8.0 privileges management (dsa-2026-058)

A vulnerability described as critical has been identified in Dell Storage Manager up to 8.0. Affected by this issue is

  

CVE-2024-8010 | WSO2 API Manager prior 4.3.0.39 Publisher xml external entity reference

A vulnerability classified as problematic has been found in WSO2 API Manager. This affects an unknown part of the component

  

CVE-2024-10242 | WSO2 API Manager prior 3.2.0.401/4.0.0.318 Authentication Endpoint cross site scripting

A vulnerability classified as problematic was found in WSO2 API Manager. This vulnerability affects unknown code of the component Authentication