392 matches found
CVE-2026-8996
The CVE-2026-8996 entry describes a Sensitive Information Exposure in the WordPress plugin “Backup and Staging by WP Time Capsule” up to version 1.22.26. The flaw is exposed via download_recent_decrypted_file_wptc, enabling authenticated users with subscriber-level access (or higher) to obtain th...
CVE-2026-8996
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2026-8996 Backup and Staging by WP Time Capsule <= 1.22.26 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via download_recent_decrypted_file_wptc Function
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Important: Red Hat Security Advisory: Satellite 6.17.9 Async Update
A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
PT-2026-54786
Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified satellite-capsule:el8/foreman affected versions not specified Description The Usergroup model fails to properly validate role assignments against the permissions of the calling user. This improper...
SUSE-SU-2026:2696-1 Security update for 7zip
This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...
CVE-2026-53047
A flaw was found in the Linux kernel's EFI Extensible Firmware Interface capsule loader. An incorrect size calculation during memory reallocation for physical addresses can lead to an undersized buffer. This issue, specifically on 32-bit systems with Physical Address Extension PAE, may result in ...
Linux Distros Unpatched Vulnerability : CVE-2026-53047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of...
CVE-2026-53047
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of sizeofphysaddrt, which might be causing an undersized allocation. The...
EUVD-2026-38915
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of sizeofphysaddrt, which might be causing an undersized allocation. The...
CVE-2026-53047
CVE-2026-53047 affects the Linux kernel’s efi/capsule-loader. The vulnerability arises from a mis-sized allocation in __efi_capsule_setup_info(): the krealloc() for cap_info->phys uses sizeof(phys_addr_t *) instead of sizeof(phys_addr_t). This can produce an undersized allocation, inconsistent...
PT-2026-51941
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An undersized allocation occurs in the efi capsule setup info function due to the use of sizeofphys addr t instead of sizeofphys addr t during a krealloc call for the cap info-phys...
OPENSUSE-SU-2026:21038-1 Security update for 7zip
This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...
SUSE-SU-2026:22347-1 Security update for 7zip
This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...
CVE-2020-37255
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...
CVE-2020-37255
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...
EUVD-2020-31256
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...
CVE-2020-37255 WordPress Time Capsule Plugin 1.21.16 Authentication Bypass
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWPJSONPREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies...
CVE-2020-37255
CVE-2020-37255 affects WordPress Time Capsule Plugin version 1.21.16. The vulnerability is an authentication bypass that lets unauthenticated attackers craft a POST request containing the IWP_JSON_PREFIX header to obtain a valid administrator session cookie and gain access to the WordPress dashbo...
PT-2026-51140
Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...