4742 matches found
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: mariadb-connector-c: mariadb-connector-c-3.4.9-1.hum1 aarch64, x8664 mariadb-connector-c-config-3.4.9-1.hum1 noarch mariadb-connector-c-devel-3.4.9-1.hum1 aarch64, x8664...
CVE-2026-53135
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs Why & How dpsdpmessagedebugfswrite dereferences connector-base.state-crtc without checking for NULL. A connector can be connected but not bound to any CRTC e.g...
Malicious code in leo-connector-oracle (npm)
The leo-connector-oracle npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
MAL-2026-6425 Malicious code in leo-connector-mysql (npm)
The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
Malicious code in leo-connector-mysql (npm)
The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
MAL-2026-6426 Malicious code in leo-connector-oracle (npm)
The leo-connector-oracle npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
EUVD-2026-38926
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomicenable In case if we get errors in cdnsmhdplinkup or cdnsmhdpregread in atomicenable, we will go to cdnsmhdpmodesetretryfn and will hit NULL pointer...
CVE-2026-53058
The CVE-2026-53058 entry documents a fix in the Linux kernel’s DRM Cadence driver: in the cdns-mhdp8546-core, the mhdp connector must be set earlier in atomic_enable to prevent a NULL pointer dereference in recovery paths (e.g., modeset_retry_fn) when errors occur in cdns_mhdp_link_up() or cdns_m...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: Fixed the connector type for the DataImage SCF0700C48GGU18 panel. The connector type for the DataImage SCF0700C48GGU18 panel is missing, and devmdrmpanelbridgeadd requires the connector type to be set. This...
WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...
WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...
CVE-2026-9179
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...
CVE-2026-9178
The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...
CVE-2026-9178
The WP Forms Connector for WordPress (versions <= 1.8) exposes sensitive user data via REST: wp/v3/user/list/ with a permissive permission_callback and weak internal auth. The vulnerability allows unauthenticated access to per-user data, including the WordPress password hash (user_pass) and em...
EUVD-2026-38689
The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...
CVE-2026-9179
Summary: WP Forms Connector for WordPress (versions ≤ 1.8) is susceptible to unauthenticated SQL injection via the order parameter in the /wp-json/wp/v3/post/list endpoint. The root cause is insufficient escaping of $_GET['order'], with the value concatenated into the ORDER BY clause and executed...
CVE-2026-9179 WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...
PT-2026-51692
Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description The plugin contains an information exposure flaw via the REST route 'wp/v3/user/list/' which uses the userDetail function. The authentication mechanism only checks if the Username HTTP heade...
PT-2026-51693
Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description An issue exists where unauthenticated attackers can execute additional SQL queries to extract sensitive information from the database. This occurs via the /wp-json/wp/v3/post/list REST...
PT-2026-51952
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference can occur in the recovery paths of the cadence cdns-mhdp8546-core driver. When errors occur in the cdns mhdp link up or cdns mhdp reg read functions during...