PT-2026-34815

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.0 Kirby versions prior to 5.4.0 Description The Xml::value method in Kirby contains a flaw in how it handles blocks. While the method is designed to allow valid CDATA to pass through without being escaped a second...

CVE-2026-35355

The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the OEXCL flag. A local attacker can exploit t...

CVE-2026-31519

In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFSROOTORPHANCLEANUP during subvol create We have recently observed a number of subvolumes with broken dentries. ls-ing the parent dir looks like: drwxrwxrwt 1 root root 16 Jan 23 16:49 . drwxr-xr-x 1 root root 24 Ja...

EUVD-2026-24662

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

WordPress Create DB Tables plugin <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Database Table Creation/Deletion vulnerability discovered by theviper17y in WordPress Plugin Create DB Tables versions = 1.2.1...

CVE-2026-4119

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

CVE-2026-4119

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

CVE-2026-6386 Missing large page handling in pmap_pkru_update_range()

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

CVE-2026-6386

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

CVE-2026-41129

Craft CMS is a content management system CMS. Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create...

PT-2026-34568

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013600)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013600 advisory. In the Linux kernel, the following vulnerability has been resolved: configfs: fix possible memory leak in configfscreatedir kmemleak reported memory leaks in...

WordPress plugin Create DB Tables 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...

PT-2026-34287

Name of the Vulnerable Software and Affected Versions Create DB Tables versions prior to 1.2.2 Description The Create DB Tables plugin for WordPress contains an authorization bypass. The plugin registers admin post action hooks for creating tables 'admin post add table' and deleting tables 'admin...

PT-2026-34407

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A type confusion issue exists in the team module when handling non-Ethernet ports. The team setup by port function copies port dev-header ops directly. Consequently, when the team device...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013553)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013553 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snictgtcreate Smatch reports a warning as follows:...

EUVD-2026-24569

Craft CMS is a content management system CMS. Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create...

CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...