VulnCheck KEV: CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

mutt 安全漏洞

Mutt is an open-source command-line email client for sending emails from the terminal. Versions of Mutt prior to 2.3.2 contained a security vulnerability, which stemmed from an infinite loop in dataobjecttostream in crypt-gpgme.c...

PT-2026-36776

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description An infinite loop exists in the data object to stream function within the crypt-gpgme.c file. Recommendations Update to version 2.3.2 or later...

Astra Linux – Vulnerability in Firefox

A memory-out-of-memory condition during object initialization could lead to an empty shape list. If the JIT compiler traces the object subsequently, it will cause a crash. This vulnerability affects Firefox versions less than 125...

Astra Linux – Vulnerability in Chromium

In ANGLE of Google Chrome, before version 96.0.4664.110, there was an issue with the object lifecycle mechanism that allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel before version 6.0.3, the file drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the return value of drmgemshmemgetsgtable. It expects the value to be NULL in the error case, but in reality, it is an error pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed an object leak in the VMBIND error path. If we fail to perform the handle-lookup operation halfway through, we need to discard the already obtained object references. Patchwork:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fixed a UAF issue during destruction that could lead to a race condition. Object debugging tools occasionally reported illegal attempts to free an i915 VMA object when parking a GT that was believed to be idle...

Astra Linux – Vulnerability in python-pymysql

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input, because keys are not escaped by escapedict...

Astra Linux – Vulnerability in Firefox and Thunderbird

During process shutdown, a document could cause a use-after-free of a languages service object, resulting in memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fixed a potential data race in nftobjtypeget. The function nftunregisterobj can occur concurrently with nftobjtypeget. There is no protection when iterating over the nftablesobjects list in nftobjtypeget...

Astra Linux – Vulnerability in OpenSSL

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems such as OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS without a message size limit may...

Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

...

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

CVE-2026-5337 Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

EUVD-2026-26818

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

WordPress plugin Frontend File Manager Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...

CVE-2026-2554

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfmdeletewcfmcustomer' due to missing validation on the 'customerid' user...