CVE Vulnerabilities - 6 May 2026
1049 vulnerabilities published on 6 May 2026
Eclipse BaSyx Java Server SDK Remote Code Execution Vulnerability
UBUNTU-CVE-2026-7411
Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 allow attackers to execute arbitrary code on a server. This means that a hacker could potentially take control of the server and acce...
10.0
wger: Password Reset for Any User
GHSA-mhc8-p3jx-84mm
CVE-2026-43948
A bug in wger allows an attacker with permission to reset the password of any other user. The new password is sent in plain text, allowing the attacker to take control of the account. This bug affects...
9.9
Rucio PostgreSQL Database Exposed to Unauthorized Access
GHSA-6j7p-qjhg-9947
CVE-2026-29090
Rucio users with certain configurations may be able to access and modify sensitive data in the PostgreSQL database, including passwords and authentication sessions. This is due to a security weakness ...
9.0
Rucio Oracle Database Exposed to Unauthorized Access
GHSA-vjr5-c9qv-hgm3
CVE-2026-29080
Rucio users with Oracle databases may be at risk of unauthorized access to their data. An attacker can exploit this vulnerability to extract sensitive information such as passwords, authentication tok...
9.4
PraisonAI allows attackers to access internal servers
GHSA-q9pw-vmhh-384g
CVE-2026-44335
A flaw in PraisonAI's URL checking logic can be bypassed, allowing attackers to access internal servers. This could lead to unauthorized access to sensitive data or systems. To mitigate this issue, up...
7.7
OpenClaw before 2026.4.15: Feishu Webhook and Card-Action Validation Bypass
GHSA-cjg8-85gj-v9q2
OpenClaw versions before 2026.4.15 have a security flaw that lets attackers send requests without being authorized. This could allow them to execute arbitrary commands on your system. To stay secure, ...
9.9
OpenClaw before 2026.4.15: Unauthenticated Webhook Requests Allowed
GHSA-cjg8-85gj-v9q2
OpenClaw versions before 2026.4.15 allow attackers to send requests without being authenticated. This can lead to unauthorized access and execution of arbitrary commands. Update to version 2026.4.15 o...
9.2
phpMyFAQ SQL Injection via User-Agent Header
GHSA-289f-fq7w-6q2w
An attacker can inject malicious SQL code into phpMyFAQ's database by sending a specially crafted User-Agent header. This can happen when a user accesses the public captcha endpoint. To fix this, upda...
9.8
OpenClaw before 2026.4.15: Unauthenticated Access to Commands
CVE-2026-44109
OpenClaw versions prior to 2026.4.15 have a security weakness that allows unauthorized users to execute commands without proper authorization. This means that sensitive data and operations can be acce...
9.2
OpenClaw before 2026.4.15 allows revoked tokens to be reused
CVE-2026-43585
A security issue in OpenClaw before 2026.4.15 can allow attackers to use old, revoked tokens to access the system. This is because the system does not correctly check the token's validity each time it...
9.2
OpenClaw 2026.2.21 lacks noVNC helper route authentication
CVE-2026-43575
Old versions of OpenClaw have a security weakness that lets hackers access browser sessions without proper permission. This could allow unauthorized access to sensitive information or actions. Update ...
9.2
Nginx UI Unauthenticated Backup Restore Vulnerability
CVE-2026-42238
GHSA-4pvg-prr3-9cxr
A recent version of Nginx UI allows an attacker to upload a malicious backup file without a password, potentially giving them control over the server. This is a significant risk because the attacker c...
9.0
Linux Kernel Receive Queue Size Miscalculation
DEBIAN-CVE-2026-43208
A bug in the Linux kernel's receive queue management system could cause crashes or unexpected behavior. This issue affects Linux systems and can be mitigated by updating to a fixed version of the kern...
9.8
Linux Kernel: Incorrect RPS Table Access Can Cause Crashes
CVE-2026-43208
The Linux kernel has a bug that can cause crashes or incorrect behavior when accessing the Receive Packet Steering (RPS) table. This bug has been fixed, and it's essential to update your Linux kernel ...
9.8
Linux Kernel: Potential TCP Connection Corruption
DEBIAN-CVE-2026-43198
A bug in the Linux kernel's TCP connection handling could cause unexpected behavior or crashes. This issue affects Linux systems and can be mitigated by updating the kernel to the latest version. Affe...
9.8
Linux Kernel: IPv6 Connection Race in TCP Protocol
CVE-2026-43198
A bug in the Linux kernel's TCP protocol for IPv6 connections has been fixed. This bug could have allowed other computers to use a new connection before it was fully set up, potentially causing errors...
9.8
Linux Kernel IPv6 Data Corruption Risk
DEBIAN-CVE-2026-43186
A security update has fixed a bug in the Linux kernel's IPv6 handling. A malicious packet could cause the kernel to write data outside its allocated space, leading to a crash. This issue has been addr...
9.8
Linux Kernel IPv6 Buffer Overflow Fixed
CVE-2026-43186
A vulnerability in the Linux kernel's IPv6 processing has been fixed. This vulnerability could cause a system crash if an attacker sent a specially crafted packet. To prevent this, the kernel now chec...
9.8
Linux Kernel ksmbd Vulnerability: Heap Buffer Overflow Risk
DEBIAN-CVE-2026-43185
A vulnerability in the Linux kernel's ksmbd component could allow an attacker to cause a heap buffer overflow, potentially leading to system instability or crashes. This issue affects Linux systems us...
9.8
Linux kernel ksmbd SMB Direct Negotiation signedness bug fixed
CVE-2026-43185
A bug in the Linux kernel's ksmbd SMB Direct Negotiation was fixed, which could have allowed an attacker to set an overly large receive size, potentially leading to a heap buffer overflow. This bug ha...
9.8
Linux Kernel: Network Data Can Cause Data Corruption
CVE-2026-43125
A vulnerability in the Linux kernel's Distributed Lock Manager (DLM) has been fixed. This issue could cause data corruption if malicious network messages were sent to a system running the DLM. The fix...
9.8
Linux kernel: Unvalidated network input causes potential buffer overflow
DEBIAN-CVE-2026-43125
A bug in the Linux kernel's Distributed Lock Manager (DLM) could allow an attacker to send malicious network messages that could potentially cause the system to crash or behave unexpectedly. This issu...
9.8
Linux Kernel: Unvalidated Network Data Can Cause Data Corruption
UBUNTU-CVE-2026-43125
The Linux kernel's dlm_search_rsb_tree function does not properly check the length of data received from network messages. This could allow an attacker to cause data corruption or other issues. To fix...
9.8
HCL DFXAnalytics uses outdated libraries, risking unauthorized access
CVE-2025-59851
HCL DFXAnalytics uses outdated libraries from other companies. If not updated, these libraries can be exploited by attackers to gain access to the application or damage it. To stay secure, update HCL ...
9.8
WordPress Plugin Critical File Upload Vulnerability
BELL-CVE-2026-31705
A critical vulnerability in a popular WordPress plugin allows attackers to upload malicious files, potentially leading to site takeover or data theft. This affects WordPress sites that use the affecte...
9.8