CVE-2026-4401

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...

PT-2026-31125

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through = 5.1.8...

WordPress plugin Download Monitor 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Download Monitor SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-4401

CVE-2026-4401 affects the WordPress plugin Download Monitor up to version 5.1.10. The vulnerability is a CSRF in the actions_handler() and bulk_actions_handler() in class-dlm-downloads-path.php caused by missing nonce verification. This allows unauthenticated attackers to delete, disable, or enab...

CVE-2026-4401 Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...

CVE-2026-4401 Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...

WordPress Download Monitor plugin <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability

Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability discovered by Kirasec in WordPress Plugin Download Monitor versions = 5.1.10...

Exploit for OS Command Injection in Paessler Prtg_Network_Monitor

...

PT-2026-31050

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actions handler and bulk actions handler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...

PT-2026-31052

Name of the Vulnerable Software and Affected Versions Amazon Firecracker versions 1.13.0 through 1.14.3 and version 1.15.0 Description A flaw exists in the virtio PCI transport of Amazon Firecracker that could allow a local guest user with root privileges to crash the Firecracker VMM process or...

CVE-2026-34770

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is...

CVE-2026-5563 AutohomeCorp frostmourne Alarm Preview previewData httpTest sql injection

A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...

Frostmourne SQL注入漏洞

Frostmourne is a multi-data source monitoring and alerting system developed by AutohomeCorp. Versions of Frostmourne 1.0 and earlier contain SQL injection vulnerabilities, which stem from the SQL injection vulnerability in the httpTest function located in the...

CVE-2026-34770

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is...

CVE-2026-34770 Electron: Use-after-free in PowerMonitor on Windows and macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is...

CVE-2026-34770

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is...

SUSE CVE-2026-23433

In the Linux kernel, the following vulnerability has been resolved: armmpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpamrestorembwustate calls rismsmonread via ipi to restore the...

EUVD-2026-18675

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move event pointer setup earlier in x86pmuenable A production AMD EPYC system crashed with a NULL pointer dereference in the PMU NMI handler: BUG: kernel NULL pointer dereference, address: 0000000000000198 RIP:...

EUVD-2026-18671

In the Linux kernel, the following vulnerability has been resolved: armmpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpamrestorembwustate calls rismsmonread via ipi to restore the...