Lucene search
K

4742 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 9:7 p.m.5 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: mariadb-connector-c: mariadb-connector-c-3.4.9-1.hum1 aarch64, x8664 mariadb-connector-c-config-3.4.9-1.hum1 noarch mariadb-connector-c-devel-3.4.9-1.hum1 aarch64, x8664...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53135

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs Why & How dpsdpmessagedebugfswrite dereferences connector-base.state-crtc without checking for NULL. A connector can be connected but not bound to any CRTC e.g...

5.5CVSS0.00122EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.8 views

Malicious code in leo-connector-oracle (npm)

The leo-connector-oracle npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/24 11:4 p.m.6 views

MAL-2026-6425 Malicious code in leo-connector-mysql (npm)

The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.12 views

Malicious code in leo-connector-mysql (npm)

The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/24 11:4 p.m.9 views

MAL-2026-6426 Malicious code in leo-connector-oracle (npm)

The leo-connector-oracle npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/06/24 4:30 p.m.4 views

EUVD-2026-38926

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomicenable In case if we get errors in cdnsmhdplinkup or cdnsmhdpregread in atomicenable, we will go to cdnsmhdpmodesetretryfn and will hit NULL pointer...

5.8AI score0.00168EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 4:30 p.m.15 views

CVE-2026-53058

The CVE-2026-53058 entry documents a fix in the Linux kernel’s DRM Cadence driver: in the cdns-mhdp8546-core, the mhdp connector must be set earlier in atomic_enable to prevent a NULL pointer dereference in recovery paths (e.g., modeset_retry_fn) when errors occur in cdns_mhdp_link_up() or cdns_m...

5.8AI score0.00168EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: Fixed the connector type for the DataImage SCF0700C48GGU18 panel. The connector type for the DataImage SCF0700C48GGU18 panel is missing, and devmdrmpanelbridgeadd requires the connector type to be set. This...

5.7AI score0.00173EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/24 8:43 a.m.6 views

WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS5.8AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/24 8:38 a.m.7 views

WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS6AI score0.00376EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-9179

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 7:16 a.m.12 views

CVE-2026-9178

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

7.5CVSS0.00347EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 5:33 a.m.16 views

CVE-2026-9178

The WP Forms Connector for WordPress (versions &lt;= 1.8) exposes sensitive user data via REST: wp/v3/user/list/ with a permissive permission_callback and weak internal auth. The vulnerability allows unauthenticated access to per-user data, including the WordPress password hash (user_pass) and em...

7.5CVSS6AI score0.00347EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38689

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

7.5CVSS6AI score0.00347EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 5:33 a.m.15 views

CVE-2026-9179

Summary: WP Forms Connector for WordPress (versions ≤ 1.8) is susceptible to unauthenticated SQL injection via the order parameter in the /wp-json/wp/v3/post/list endpoint. The root cause is insufficient escaping of $_GET['order'], with the value concatenated into the ORDER BY clause and executed...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-9179 WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51692

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description The plugin contains an information exposure flaw via the REST route 'wp/v3/user/list/' which uses the userDetail function. The authentication mechanism only checks if the Username HTTP heade...

7.5CVSS6AI score0.00347EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51693

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description An issue exists where unauthenticated attackers can execute additional SQL queries to extract sensitive information from the database. This occurs via the /wp-json/wp/v3/post/list REST...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51952

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference can occur in the recovery paths of the cadence cdns-mhdp8546-core driver. When errors occur in the cdns mhdp link up or cdns mhdp reg read functions during...

6AI score0.00168EPSS
Exploits0References14
Rows per page
Query Builder