
194 matches found

ATTACKERKB
added 2026/04/10 1:24 a.m., 2 views

CVE-2026-3360

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...

7.5 CVSS, 5.9 AI score, 0.00078 EPSS
Exploits: 0, References: 7
CNNVD
added 2026/04/06 12:0 a.m., 6 views

Dgraph Security Vulnerability

Dgraph is an open-source, horizontally scalable distributed GraphQL database with a graphical backend. Versions of Dgraph prior to 25.3.1 contained a security vulnerability. This vulnerability stemmed from a flaw in the restoreTenant management mechanism, which lacked an authorization middleware...

10 CVSS, 7.4 AI score, 0.00174 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/03/27 2:24 p.m., 7 views

CVE-2021-27562

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode...

5.5 CVSS, 6.9 AI score, 0.10867 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/03/26 6:0 a.m., 1 views

CVE-2026-1890 LeadConnector < 3.0.22 - Unauthenticated Rest Call

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

5.9 AI score, 0.00026 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/26 6:0 a.m., 1 views

CVE-2026-1890

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

5.3 CVSS, 5.9 AI score, 0.00026 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/26 6:0 a.m., 25 views

CVE-2026-1890

The LeadConnector WordPress plugin is affected by CVE-2026-1890: versions before 3.0.22 expose an unauthenticated REST route that allows an attacker to call the route and overwrite existing data. This constitutes a lack of authorization on the vulnerable endpoint. The vulnerability is fixed in ve...

5.3 CVSS, 5.9 AI score, 0.00026 EPSS
In wild, Exploits: 0, References: 1
Positive Technologies
added 2026/03/26 12:0 a.m., 2 views

PT-2026-28216

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

5.9 AI score, 0.00026 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/26 12:0 a.m., 3 views

WordPress plugin LeadConnector Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3 CVSS, 5.8 AI score, 0.00026 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/02/05 7:26 a.m., 2 views

CVE-2026-20986

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...

5.5 CVSS, 5.3 AI score, 0.0001 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/04 7:16 a.m., 3 views

CVE-2026-20986

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...

5.5 CVSS, 0.0001 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/04 6:14 a.m., 2 views

CVE-2026-20986

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...

5.1 CVSS, 5.3 AI score, 0.0001 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/02/04 6:14 a.m., 2 views

CVE-2026-20986

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...

5.1 CVSS, 5.3 AI score, 0.0001 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/14 12:0 a.m., 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001308)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001308 advisory. The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur...

5.5 CVSS, 6.4 AI score, 0.00046 EPSS
Exploits: 0, References: 10
RedhatCVE
added 2026/01/07 9:28 a.m., 4 views

CVE-2019-12806

UniSign 2.0.4.0 and earlier versions contain a stack-based buffer overflow vulnerability that can overwrite the stack with arbitrary data, due to a buffer overflow in a library. This lets a remote attacker execute arbitrary code via crafted HTTPS packets...

8.8 CVSS, 8.4 AI score, 0.04054 EPSS
Exploits: 0, References: 1
OSV
added 2026/01/02 9:14 p.m., 2 views

GHSA-6H7W-V2XR-MQVW Bagisto Missing Authentication on Installer API Endpoints

Vulnerable Code File: packages/Ibkul/Installer/src/Routes/Ib.php groupfunction Route::controllerInstallerController::class-\groupfunction Route::get'install', 'index'-\name'installer.index'; Route::middlewareStartSession::class-\prefix'install/api'-\groupfunction Route::post'env-file-setup',...

9.8 CVSS, 7.2 AI score, 0.00144 EPSS
Exploits: 1, References: 4
Github Security Blog
added 2026/01/02 9:14 p.m., 6 views

Bagisto Missing Authentication on Installer API Endpoints

Vulnerable Code File: packages/Ibkul/Installer/src/Routes/Ib.php groupfunction Route::controllerInstallerController::class-\groupfunction Route::get'install', 'index'-\name'installer.index'; Route::middlewareStartSession::class-\prefix'install/api'-\groupfunction Route::post'env-file-setup',...

9.8 CVSS, 7.3 AI score, 0.00144 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/01/02 7:18 p.m., 2 views

CVE-2026-21446 Bagisto Missing Authentication on Installer API Endpoints

Bagisto is an open source Laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints /install/api/ are directly accessible and exploitable without any authentication. An attacker can...

9.3 CVSS, 6.5 AI score, 0.00144 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2025/12/11 1:0 a.m., 2 views

luksmeta: Data corruption when handling LUKS1 partitions with luksmeta

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

4.4 CVSS, 5.7 AI score, 0.00026 EPSS
Exploits: 0, References: 5
Packet Storm News
added 2025/11/27 12:0 a.m., 2 views

Keyless Entry: Breaking and Entering EMMC RPMB with EMFI

The Replay Protected Memory Block (RPMB) in modern storage systems provides a secure area where data integrity is ensured by authentication. This block is used in digital devices to store pivotal information that must be safeguarded against modification by potential attackers. This paper targets th...

6.8 AI score
Exploits: 0
OSV
added 2025/10/23 10:8 a.m., 3 views

CLSA-2025-1761214095 qemu-kvm: Fix of CVE-2023-5088

CVE-2023-5088: fix incorrect guest I/O redirection to offset 0 that could allow data overwrite at LBA 0 and potential VM escape...

7 CVSS, 6.8 AI score, 0.00017 EPSS
Exploits: 0, References: 1