34363 matches found
CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...
CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...
CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...
CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...
CVE-2025-69347
CVE-2025-69347 is an IDOR vulnerability in Convers Lab WPSubscription for WordPress WPSubscription plugin versions up to 1.8.10, enabling a user-controlled key to bypass authorization and access objects/resources that should be restricted. Public sources (NVD/Red Hat/EUVD) describe an Authorizati...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in Node.js HTTP request handling. The flaw triggers when an incoming request includes a header named proto and the server application accesses req.headersDistinct. This causes dest"proto" to incorrectly resolve to...
EUVD-2026-15235
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...
UBUNTU-CVE-2026-23300
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...
CVE-2026-23330
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...
CVE-2026-23300
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...
SUSE CVE-2026-25921
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...
SUSE CVE-2026-27900
The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...
WordPress plugin Gracey 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Apicona 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Vex 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
PT-2026-27890
Name of the Vulnerable Software and Affected Versions Tasty Daily versions prior to 1.27 Description An issue exists in Tasty Daily that allows for object injection due to deserialization of untrusted data. This could potentially allow an attacker to inject malicious objects. Recommendations Upda...
PT-2026-28027
Name of the Vulnerable Software and Affected Versions JS Archive List versions through 6.1.7 Description A flaw exists in the deserialization of untrusted data within the jquery-archive-list-widget component of JS Archive List, potentially allowing for object injection. Recommendations Update JS...
PT-2026-28112
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
PT-2026-27944
Name of the Vulnerable Software and Affected Versions Nexa Blocks versions through 1.1.1 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts Nexa Blocks. Recommendations Update Nexa Blocks to a version later than...