CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

CVE-2026-6222

CVE-2026-6222 affects the WordPress plugin Forminator Forms (versions

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016491)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016491 advisory. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake...

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

GitPython 参数注入漏洞

GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.47 contained a parameter injection vulnerability. This vulnerability stemmed from the use of clone to validate multioptions, followed by the executio...

PT-2026-38324

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in Forminator Admin Module Edit Page admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

CVE-2026-43236

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drmcrtccommit after release The atmelhlcdcplaneatomicduplicatestate callback was copying the atmelhlcdcplane state structure without properly duplicating the drmplanestate. In particular,...

CVE-2026-43278 dm: clear cloned request bio pointer when last clone bio completes

In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq-bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and...

CVE-2026-43278

In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq-bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and...

CVE-2026-43278

The vulnerability CVE-2026-43278 affects the Linux kernel’s device-mapper (dm) component, notably dm-multipath, where stale cloned bio pointers in cloned requests can lead to use-after-free and double-free of bios. The sequence shows cloned bios freed during blk_complete_request() while rq-&gt;bi...

CVE-2026-43278

In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq-bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and...

Linux Distros Unpatched Vulnerability : CVE-2026-43278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm: clear cloned request bio pointer when last clone bio completes Stale rq-bio values have been observed to cause double-initialization of cloned bios in...

GHSA-VJ3M-2G9H-VM4P Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass

Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize in JobQueue — direct RCE gadget Critical system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserializebase64decode... without restricting allowedclasses. The Job class has...

Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass

Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize in JobQueue — direct RCE gadget Critical system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserializebase64decode... without restricting allowedclasses. The Job class has...

GHSA-X494-MJ8G-CJ27 gix-pack has multiple DoS vectors: unchecked indexing panics and uncapped OOM allocations from crafted pack data

Summary Multiple denial-of-service vectors in gix-pack: unchecked array indexing causes panics on crafted delta data, and uncapped attacker-controlled size headers enable OOM process kills. Both are triggered by malicious pack data received during clone/fetch. Details Bug 1: Unchecked array...

gix-pack has multiple DoS vectors: unchecked indexing panics and uncapped OOM allocations from crafted pack data

Summary Multiple denial-of-service vectors in gix-pack: unchecked array indexing causes panics on crafted delta data, and uncapped attacker-controlled size headers enable OOM process kills. Both are triggered by malicious pack data received during clone/fetch. Details Bug 1: Unchecked array...

AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server

Summary plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. The unauthenticated error branch was intended to reject non-admin callers...

PT-2026-37289

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.0 Description An issue exists where the endpoint 'plugin/CloneSite/cloneClient.json.php' echoes the local CloneSite shared secret, stored in the variable myKey a constant generated via md5$global'systemRootPath...

Malicious code in rogiant-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 efdebb03bb05b0da602f813ad321bbc81c658ac1bec059a5a7fa73fed277a53b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...