PT-2026-22951

Name of the Vulnerable Software and Affected Versions Craft versions prior to 5.9.0-beta.1 Craft versions prior to 4.17.0-beta.1 Description Craft is a content management system CMS. A flaw exists where the "Duplicate" entry action does not properly verify user permissions for specific target...

CVE-2025-62784 InventoryGui allows item duplication in GUIs which use GuiStorageElement

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication when the experimental Bundle item feature i...

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability

Broken Access Control on Post Duplication vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.1...

WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Author+ Post/Page Duplication vulnerability discovered by movrment in WordPress Plugin PostX versions = 3.2.3...

The vulnerabilities of the alloca() and strdup() functions in the Systemd initialization and service management subsystem allow a attacker to cause a service failure.

The vulnerability of the alloca and strdup functions in the Systemd initialization and service management subsystem is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a attacker to cause service failures...