CVE-2026-54839

The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected

CVE-2026-54839 WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: gfs2: Set .migratefolio in gfs2rgrp,metaaops. The warning added in 7ee3647243e5 “migrate: Remove call to -writepage” that occurs in various xfstests, causing “something found in dmesg” failures, has been resolved. 341.136573...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/ttm: fixed handling of CCS Crucible + recent Mesa sometimes causes the following issue: GEMBUGONnumccsblks NUMCCSBLKSPERXFER It seems that this issue can also be triggered with gemlmemswapping, if we modify the tests ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/pagealloc: The migrate type of all pageblocks during coalescing has been changed. When a page is freed, it coalesces with a buddy page into a higher-order page whenever possible. When the migrate type of the buddy page...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fixed the NULL pointer dereference in svmmigratetoram. ./drivers/gpu/drm/amd/amdkfd/kfdmigrate.c:985:58-62: Error: p is NULL, but it was dereferenced...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: zsmalloc: Fixed races between asynchronous zspage free operations and page migration. The asynchronous zspage free worker attempts to lock the entire page list of a zspage without protecting against page migration. Since pages...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed the idatasem unlock order in ext4indmigrate Fuzzing reported a potential deadlock in jbd2logwaitcommit. This issue occurs when the EXT4IOCMIGRATE ioctl is set to require synchronous updates because the file...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for the usmmigrateexecqueue. The GuC context scheduling queue contains 2 entries. Therefore, it is possible for a migration job to get stuck behind a fault if the migrateexecqueue shares...

CVE-2026-48591

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

CVE-2026-49043

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

EUVD-2026-36867

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

CVE-2026-49043 WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

CVE-2026-49043

The CVE-2026-49043 entry concerns the WordPress WP Migrate Lite plugin, versions &lt;= 2.7.8, with an unauthenticated Cross Site Request Forgery (CSRF) vulnerability. According to the connected data, the issue is attributed to CSRF within WP Migrate Lite (

CVE-2026-49043 WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

PT-2026-49497

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions = 2.7.8...

proc-macro-error2 is unmaintained

The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...