Lucene search
K

21946 matches found

EUVD
EUVD
added 2026/04/04 9:30 a.m.9 views

EUVD-2026-18981

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References4
NVD
NVD
added 2026/04/04 8:16 a.m.5 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS0.00351EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/04 5:55 a.m.12 views

DynFuture Drop Can Construct a Dangling Reference

DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. The crate is unmaintained...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/04 5:55 a.m.2 views

GHSA-J3W3-P6MR-3HRH DynFuture Drop Can Construct a Dangling Reference

DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. The crate is unmaintained...

6.3CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/04/04 2:0 a.m.1 views

CGA-PC6G-F7G9-QMGW

Bulletin has no description...

7.5CVSS5.8AI score0.00621EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1CVSS5.8AI score0.00351EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:28 p.m.4 views

SUSE CVE-2026-23419

In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune where sknetrefcntupgrade is called while holding the socket lock:...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2026/04/03 11:28 p.m.5 views

SUSE CVE-2026-23426

In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvcdrmconfigparse The logicvcdrmconfigparse function calls ofgetchildbyname to find the "layers" node but fails to release the reference, leading to a device node reference leak...

4.7CVSS5.7AI score0.00115EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/04/03 11:27 p.m.6 views

SUSE CVE-2026-23437

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

7CVSS5.7AI score0.00127EPSS
Exploits0References40
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.5 views

SUSE CVE-2026-31399

In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if deviceadd fails in ndasyncdeviceregister. Commit b6eae0f61db2 "libnvdimm: Hold reference on parent while...

7.8CVSS5.7AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.6 views

SUSE CVE-2026-31403

In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is created at module init and persists for the module's lifetime. exportsprocopen captures the caller's current network...

7CVSS5.7AI score0.00123EPSS
Exploits0References23
Patchstack
Patchstack
added 2026/04/03 11:16 p.m.3 views

WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation vulnerability

WordPress WCFM - WooCommerce Frontend Manager plugin = 6.7.25 - Insecure Direct Object References to Authenticated Vendor+ Arbitrary Post/Product Manipulation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin WCFM – Frontend Manager for...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/03 9:47 p.m.4 views

angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34544 via openexr (>=3.4.12 <=3.4.4)

openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34544 Source advisory: OSV:GHSA-H762-RHV3-H25V...

8.4CVSS5.7AI score0.00244EPSS
Exploits1
EUVD
EUVD
added 2026/04/03 6:31 p.m.5 views

EUVD-2026-18780

In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if deviceadd fails in ndasyncdeviceregister. Commit b6eae0f61db2 "libnvdimm: Hold reference on parent while...

5.7AI score0.00119EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/03 6:31 p.m.1 views

EUVD-2026-18716

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix use-after-free in ctnetlinkdumpexpct ctnetlinkdumpexpct stores a conntrack pointer in cb-data for the netlink dump callback ctnetlinkexpctdumptable, but drops the conntrack reference immediately after...

5.8AI score0.00126EPSS
Exploits0References7
NVD
NVD
added 2026/04/03 4:16 p.m.2 views

CVE-2026-31403

In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is created at module init and persists for the module's lifetime. exportsprocopen captures the caller's current network...

7.8CVSS0.00123EPSS
Exploits0References7
NVD
NVD
added 2026/04/03 4:16 p.m.2 views

CVE-2026-31399

In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if deviceadd fails in ndasyncdeviceregister. Commit b6eae0f61db2 "libnvdimm: Hold reference on parent while...

7.8CVSS0.00119EPSS
Exploits0References8
NVD
NVD
added 2026/04/03 4:16 p.m.3 views

CVE-2026-23462

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dropping l2capconn reference when user-remove callback is called: 97.809249 l2capconnfree: freeing conn ffff88810a171c00 97.809907 CPU: 1 UID: 0 PID:...

8.8CVSS0.00262EPSS
Exploits0References8
NVD
NVD
added 2026/04/03 4:16 p.m.3 views

CVE-2026-23437

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

7.8CVSS0.00127EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.2 views

CVE-2026-31399

In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if deviceadd fails in ndasyncdeviceregister. Commit b6eae0f61db2 "libnvdimm: Hold reference on parent while...

7.8CVSS5.7AI score0.00119EPSS
Exploits0References8
Rows per page
Query Builder