Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004864)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004864 advisory. In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDNdspelementregister Afer commit 1fa5ae857bb1 driver core:...

CVE-2026-24386

Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through = 1.2.4...

CVE-2025-31413

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

CVE-2026-24386

CVE-2026-24386 describes a Missing Authorization vulnerability in the WordPress plugin “Element Invader – Template Kits for Elementor” (versions n/a through 1.2.4). The root cause is incorrectly configured access control, enabling unauthorized access to protected actions/files within elementinvad...

CVE-2026-24386

Missing Authorization vulnerability in Element Invader Element Invader - Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader - Template Kits for Elementor: from n/a through = 1.2.4...

CVE-2026-24386 WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Element Invader Element Invader Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader Template Kits for Elementor: from n/a through = 1.2.4...

CVE-2026-24386 WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through = 1.2.4...

CVE-2025-31413

CVE-2025-31413 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin family Element Pack Elementor Addons. Affected component: Element Pack Addons for Elementor (bdthemes-element-pack-lite) with versions up to and including 8.3.13. Root cause: CSRF exposure allows an...

CVE-2025-31413 WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

CVE-2025-31413 WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

CVE-2025-31413

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

Server-Side Request Forgery (SSRF)

Chainlit is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to fetching attacker-controlled URLs during element updates, where the SQLAlchemy data layer performs outbound HTTP GET requests on user-supplied url values, allowing authenticated attackers to access internal...

CVE-2026-0920

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajaxregisterhandle' function not restricting what user roles a user can register with. This makes it possible for...

CVE-2026-0920

CVE-2026-0920 affects the WordPress plugin “LA-Studio Element Kit for Elementor” (≤ 1.5.6.3). The root cause is a missing role restriction in the AJAX registration handler (ajax_register_handle), which lets unauthenticated users supply the lakit_bkrole parameter and create an administrator accoun...

WordPress plugin bdthemes-element-pack-lite has a cross-site request forgeing vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

PT-2026-3959

Name of the Vulnerable Software and Affected Versions Element Pack Elementor Addons versions through 8.3.13 Description A Cross-Site Request Forgery CSRF issue exists in Element Pack Elementor Addons. This allows attackers to perform actions on behalf of authenticated users. Recommendations Updat...

PT-2026-4269

Missing Authorization vulnerability in Element Invader Element Invader Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader Template Kits for Elementor: from n/a through = 1.2.4...

WordPress plugin LA-Studio Element Kit for Elementor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

WordPress plugin Element Invader has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-3919

Name of the Vulnerable Software and Affected Versions LA-Studio Element Kit for Elementor versions through 1.5.6.3 Description The LA-Studio Element Kit for Elementor plugin for WordPress is susceptible to unauthorized administrative user creation. This occurs because the ajax register handle...