EUVD-2025-209902

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-021504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021504 advisory. In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally about the...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021497)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021497 advisory. In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally about the...

PT-2026-42086

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get content editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

CVE-2026-8073

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

CVE-2026-8073 Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

CLSA-2026-1779202006 Fix CVE(s): CVE-2026-43284, CVE-2026-46300, CVE-2026-46333

Ubuntu: 4.15.0-256.267 CVE-2026-46333 - ptrace: require CAPSYSPTRACE when task has no mm CVE-2026-46333 CVE-2026-46300 - net: skbuff: propagate shared-frag marker through copy/coalesce/gro/shift paths CVE-2026-46300 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags...

kernel: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()

A flaw was found in the Linux kernel PCI/AER Advanced Error Reporting subsystem. When platform firmware reports error information via the ACPI APEI GHES mechanism for a device that does not advertise an AER capability, dev-aerinfo remains NULL. The function aerratelimit does not check for this...

CLSA-2026-1779180310 kernel: Fix of CVE-2026-46333

ptrace: require CAPSYSPTRACE when task has no mm CVE-2026-46333...

CLSA-2026-1779179460 kernel: Fix of CVE-2026-46333

ptrace: require CAPSYSPTRACE when task has no mm CVE-2026-46333...

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

CVE-2026-1631

The CVE-2026-1631 entry affects the Feeds for YouTube WordPress plugin prior to version 2.6.4. The root cause is a missing capability check in the 'actions' function, allowing subscribers and higher roles to perform unauthorized modifications to the plugin’s license key. The impact is license key...

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

EUVD-2026-30735

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the UERadioCapabilityCheckResponse function in the dispatcher.go file. An attacker can cause a denial of service by sending specially crafted remote requests that trigger a null pointer dereference...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the UERadioCapabilityCheckResponse function in the dispatcher.go file. An attacker can cause a denial of service by sending specially crafted remote requests that trigger a null pointer dereference...