CVE-2026-40840 Authenticated SQLi in VerifyCreateLicences function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40840 Authenticated SQLi in VerifyCreateLicences function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-46023

dm mirror: fix integer overflow in createdirtylog...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from integer overflows in the parameter counting within the createdirtylog function. This could lead t...

PT-2026-43606

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-43691

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie destroy context is invoked during error handling in aie2 create context. However, aie destroy context assumes that the context's mailbox channel pointer...

PT-2026-43836

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The ps gamepad create function calls input ff create memless without verifying its return value. This lack of validation can result in incorrect behavior or potential system crashes when...

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

CVE-2025-71310

The CVE 2025-71310 affects the GDPR cookies module for Backdrop CMS (before 1.x-1.3.5). The vulnerability is an XSS risk triggered when a malicious value is supplied in the optional YouTube service’s Info content field, under the condition that an attacker has either the "Create a GDPR Cookies Se...

MAL-2026-4538 Malicious code in create-arnext-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67a5229a06132707ff10eb04a5fc2a19abf029ded0d61e1c9d0814f5cb2bb667 The package declares "preinstall": "./.github/scripts/precheck" in package.json, which invokes a 976KB stripped Linux x8664 ELF binary hidden under...

MAL-2026-4337 Malicious code in wm-plugin-create-iframe-capturing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b8f21008e1afe359d81b5a894a1b3977ba8a70993db9afc6f6d695cb37ab3f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key because the create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker...

CVE-2026-9284

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...

CVE-2026-9284

CVE-2026-9284 affects the WooCommerce PayPal Payments plugin for WordPress (all versions up to and including 4.0.1). The vulnerability stems from missing authorization checks on the WC‑AJAX endpoints ppc-create-order and ppc-get-order , allowing unauthorized manipulation of PayPal orders and expo...

CVE-2026-9284 WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...

WordPress plugin Wishlist Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin WooCommerce PayPal Payments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVE-2026-9223

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the FormManager::create function. An attacker can access and exfiltrate sensitive database contents, including user credentials, by injecting arbitrary SQL statements through crafted input to the bnidnature parameter...