CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

EUVD-2026-11083

The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as userscanregister...

EUVD-2026-11084

The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as userscanregister...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.23 had security vulnerabilities. These vulnerabilities stemmed from a flaw in the validation of the sort command by tools.exec.safeBins, which failed to correctly validate GNU long option...

CVE-2026-23183 cgroup/dmem: fix NULL pointer dereference when setting max

In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: fix NULL pointer dereference when setting max An issue was triggered: BUG: kernel NULL pointer dereference, address: 0000000000000000 PF: supervisor read access in kernel mode PF: errorcode0x0000 - not-present page P...

CVE-2021-31881

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303. When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor options, leading to Denial-of-Service...

WordPress plugin Make Email Customizer for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2025-9356

Malicious code in bioql PyPI...

SUSE CVE-2025-38482

In the Linux kernel, the following vulnerability has been resolved: comedi: das6402: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: / IRQs 2,3,5,6,7, 10,11,15 are valid for "enhanced" mode / if 1 options1 & 0x8cec However, it-optionsi is an...

SUSE CVE-2025-38483

In the Linux kernel, the following vulnerability has been resolved: comedi: das16m1: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: / only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid / if 1 options1 & 0xdcfc However, it-optionsi is an...

SUSE-SU-2025:20413-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL bsc1228557. - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer...

CVE-2023-0378

The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog optio...

CVE-2025-21962

CVE-2025-21962 affects the Linux kernel CIFS mount option closetimeo, where user-provided closetimeo (u32) is converted to jiffies before validation, allowing an integer overflow. Connected sources (Astra Linux, ALAS AWS advisories, Debian/Red Hat references) confirm this as a kernel-level issue ...

CVE-2024-6884

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2021-4374

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...

CVE-2021-4374 WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...

WordPress Plugin WordPress Automatic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Elementor Pro < 3.11.7 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation in an AJAX action relying only on a nonce, which is available to any authenticated users, and does not validate the options to be updated. This allows any authenticated users, such as subscriber to update arbitrary blog options, such as the defaultrole, when...

CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog optio...