1013 matches found
CVE-2026-46212
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims. When batadv_bla_del_backbone_claims removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the...
EUVD-2026-31969
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: “vt: fix unicode buffer corruption when deleting characters” This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 “vt: fix memory overlapping when deleting chars in the buffer”. The solution is als...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer. A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy...
PT-2026-31109
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.8.3. Description: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is susceptible to authorization bypass. This occurs...
CVE-2026-33195
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskService#path_for does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...
ROS-20260323-73-0024
A vulnerability in the atm component of the Linux operating system kernel is related to improper memory freeing before deleting the last link. Exploitation of the vulnerability allows an attacker to cause a denial of service...
CVE-2026-21886
OpenCTI prior to version 6.9.1 contains a validation gap in the GraphQL mutation IndividualDeletionDeleteMutation, which can be misused to delete unrelated and sensitive objects (e.g., analyses and reports) due to lack of contextual validation. The CVE describes the affected component and root ca...
CVE-2026-1508
The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack...
EUVD-2026-10474
The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack...
EUVD-2026-10475
The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack...
CVE-2025-70141
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacke...
keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
GHSA-27JC-JMP8-QFW5 Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references. Original Description: A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Laye...
CVE-2026-1709 Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
MiracleLinux 7 : git-1.8.3.1-25.el7 (AXSA:2023-5487:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5487:04 advisory. git: by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
CVE-2022-0616
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack...
emlog security vulnerability
emlog is an open-source CMS website building system based on PHP and MySQL. A security vulnerability exists in version 2.5.23 of emlog. The vulnerability stems from the fact that the administrator can set a control item, which may leave users unable to edit or delete articles after posting them...
PT-2026-1050
Name of the Vulnerable Software and Affected Versions: WPBookit versions through 1.0.7. Description: The WPBookit WordPress plugin does not properly validate Cross-Site Request Forgery (CSRF) tokens when deleting customer data. This allows an attacker, without needing to be logged in, to delete any...