9653 matches found
CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2026-3601
Summary: CVE-2026-3601 affects the WordPress plugin “User Registration & Membership” (versions
EUVD-2026-27213
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...
CVE-2026-4362
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...
CLSA-2026-1777946639 quagga: Fix of CVE-2018-5381
CVE-2018-5381: bgpd capability parser can enter an infinite loop on invalid OPEN messages whose Multi-Protocol capability has an unrecognized AFI/SAFI, causing a denial of service...
PT-2026-36971
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Live Action::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...
CVE-2026-4024
The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...
CVE-2026-6963
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
CVE-2026-3143
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...
CVE-2025-14726
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindexfeedhookinstagram/troubleshooting' and '/trustindexfeedhookinstagram/submit-data' REST API endpoints in all versions up...
VulnCheck KEV: CVE-2025-15403
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereferencing in aerratelimit When the platform firmware provides error information to the OS, for example, via the ACPI APEI GHES mechanism, it may identify a device that does not advertise an AER...
Astra Linux – Vulnerability in evolution-data-server
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client by dereferencing a NULL pointer, by sending an invalid e.g., minimal CAPABILITY line during a connection attempt. This issue is related to the imapxfreecapability and imapxconnecttoserver functions...
Astra Linux – Vulnerability in Linux, Linux 5.10
The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 contains a slab out-of-bounds write vulnerability. Input from a process that has the CAPNETADMIN capability can lead to root access...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7921: Resource leaks in mt7921checkoffloadcapability The coverage issue related to resource leaks was fixed. In this case, the variable “fw” goes out of scope, causing the storage it points to to be leaked. This iss...
Astra Linux – Vulnerability in Linux 5.10
In the kernel/bpf/hashtab.c file within the Linux kernel, up to version 5.13.8, there is an integer overflow and out-of-bounds write vulnerability when multiple elements are placed in a single bucket. NOTE: Exploitation may be impractical without the CAPSYSADMIN capability...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the virtio-fs shared file system daemon virtiofsd of QEMU. The new ‘xattrmap’ option may cause the ‘security.capability’ xattr in the guest to not be dropped when writing files, potentially allowing a modified, privileged executable to be executed within the guest. In rar...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fixed handling of HCIEVIOCAPAREQUEST. If we receive HCIEVIOCAPAREQUEST while HCIOPREADREMOTEEXTFEATURES has not yet been responded to, assume that the remote supports SSP. Otherwise, this event should not be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hiding the first-in-list PCIe extended capabilities There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability i.e., a capability with an ID greater than...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: perf: It is now required that CAPSYSADMIN be present for uprobes. Jann reports that uprobes can be used destructively when they are used in the middle of an instruction. The kernel only verifies that there is a valid instruction ...