21952 matches found
CVE-2025-14974
CVE-2025-14974 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6 and is caused by insecure direct object reference (IDOR). Potential impact: unauthorized access to protected objects with high confidentiality impact as per sources. Affected versions and remediation are documented in IBM’...
CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
CVE-2025-14974
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
EUVD-2026-14500
AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr...
CVE-2026-23296
A flaw was found in the Linux kernel's SCSI core. A reference count leak, a type of resource management issue, occurs when tearing down a SCSI host due to an error in the tagsetrefcnt mechanism. This can cause the system to hang, leading to a Denial of Service DoS for the affected system...
CVE-2026-23284
A flaw was found in the Linux kernel's mtkethsoc driver. This vulnerability occurs when an error in the mtkopen routine within mtkxdpsetup leads to an incorrect reset of the eBPF Extended Berkeley Packet Filter program pointer without properly decreasing its reference count. This improper resourc...
CVE-2026-23291
A flaw was found in the Linux kernel's nfc: pn533 driver. When a device is disconnected, a reference count on the USB interface is not properly dropped, leading to a dangling reference. This resource management issue may lead to system instability or a denial of service DoS...
CGA-F43X-F635-VFQ3
Bulletin has no description...
SUSE CVE-2026-23283
In the Linux kernel, the following vulnerability has been resolved: regulator: fp9931: Fix PM runtime reference leak in fp9931hwmonread In fp9931hwmonread, if regmapread failed, the function returned the error code without calling pmruntimeputautosuspend, causing a PM reference leak...
SUSE CVE-2026-23284
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Reset prog ptr to oldprog in case of error in mtkxdpsetup Reset eBPF program pointer to oldprog and do not decrease its ref-count if mtkopen routine in mtkxdpsetup fails...
SUSE CVE-2026-23291
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up b...
SUSE CVE-2026-23314
In the Linux kernel, the following vulnerability has been resolved: regulator: bq257xx: Fix device node reference leak in bq257xxregdtparsegpio In bq257xxregdtparsegpio, if fails to get subchild, it returns without calling ofnodeputchild, causing the device node reference leak...
SUSE CVE-2026-23356
In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbdalbeginiononblock Even though we check that we "should" be able to do lcgetcumulative while holding the device-allock spinlock, it may still fail, if some other code path decided to do lctrylock with...
SUSE CVE-2026-23380
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose When a process forks, the child process copies the parent's VMAs but the usermapped reference count is not incremented. As a result, when both the parent and child processes exit,...
Malicious Package
Overview json-lucide is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
CVE-2026-32535 WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through = 3.0.3...
CVE-2026-32533 WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...
CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...
CVE-2026-23314
A flaw was found in the Linux kernel, specifically within the regulator: bq257xx subsystem. This vulnerability, a device node reference leak, occurs when the bq257xxregdtparsegpio function fails to properly manage system resources. An attacker could potentially exploit this to cause a denial of...