12957 matches found
CVE-2026-3906
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...
CVE-2026-3906
CVE-2026-3906 affects WordPress core (versions 6.9–6.9.1). The vulnerability resides in the REST API endpoint used by the block editor's Notes feature, where create_item_permissions_check() does not verify that the authenticated user has edit_post permission on the target post when creating a not...
CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...
CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...
CVE-2026-3906
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...
CVE-2026-30926
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.18.35 bug fix and security update
Red Hat OpenShift Container Platform release 4.18.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.16 bug fix and security update
Red Hat OpenShift Container Platform release 4.20.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.35 bug fix and security update
Red Hat OpenShift Container Platform release 4.18.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
PT-2026-24659
Name of the Vulnerable Software and Affected Versions WordPress versions 6.9 through 6.9.1 Description WordPress core is susceptible to unauthorized access. The Notes feature, introduced in WordPress 6.9, allows for collaborative annotations on posts within the block editor. However, the REST API...
WordPress 6.9-6.9.3 - Broken Access Control in Notes vulnerability
Broken Access Control in Notes vulnerability discovered by kaminuma in WordPress core versions 6.9-6.9.3...
CVE-2026-3370
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2026-24283
creationtimestamp| type| source ---|---|--- 2026-03-10 16:57:37+00:00| seen| https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review 2026-03-10 19:07:55+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0080 2026-03-11 03:00:16+00:00| seen|...
CVE-2026-30926
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
CVE-2026-24316
creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...
CVE-2026-24311
creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...
CVE-2026-0489
creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...
CVE-2026-24313
creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...
CVE-2026-27686
creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...
CVE-2026-24309
creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...