626 matches found
CVE-2026-7252
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
CVE-2026-7252
CVE-2026-7252 concerns the WP-Optimize plugin for WordPress (versions up to 4.5.2). A vulnerability in the unscheduled_original_file_deletion function allows an authenticated attacker with author-level access to delete arbitrary files on the server (e.g., wp-config.php) due to insufficient file p...
CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...
PT-2026-38342
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled original file deletion function in all versions up to, and including, 4.5.2...
CVE-2026-43272 ring-buffer: Fix possible dereference of uninitialized pointer
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer headpage in rbmetavalidateevents which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failure...
GHSA-9857-6MW7-FQ2M gix-transport: HTTP credentials leaked to redirected host in curl backend
Summary The curl-based HTTP transport in gix-transport sends user credentials passwords, tokens to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...
SUSE CVE-2026-31717
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...
SUSE CVE-2026-31607
In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...
Linux Distros Unpatched Vulnerability : CVE-2026-31607
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites...
EUVD-2026-22844
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie oclauporiginaladmin to determine which user to authenticate as, without any server-side...
Malicious code in pypdf-fork (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3a651b0cc8ca7cc4fcae91ff3160af205a97d0aacacd8e88d76c04ce013bd02 During importing the module, package sends a beacon notification to the owner. The package has no other differences from the original legitimate "pypdf". ---...
Powershell Profile Persistence
This module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean removal by...
CVE-2026-5617
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie oclauporiginaladmin to determine which user to authenticate as, without any server-side...
CVE-2026-5617
CVE-2026-5617 affects the WordPress plugin Login as User (all versions up to 1.0.3). The handle_return_to_admin() function trusts a client-controlled cookie (oclaup_original_admin) to select the target user for “Return to Admin,” without server-side verification of the cookie’s legitimacy. This e...
CVE-2026-40043
Pachno 1.0.6 contains an authentication bypass vulnerability (CVE-2026-40043) in the runSwitchUser() action. An authenticated, low-privilege attacker can manipulate the client-controlled original_username cookie and request a switch to user ID 1, potentially obtaining session tokens or administra...
CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...
PT-2026-32497
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the original username cookie. Attackers can set the client-controlled original username cookie to any value and request a...
Pachno 1.0.6 (runSwitchUser()) Remote Vertical Privilege Escalation
Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
CVE-2026-33092
Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM macOS before build 42571, Acronis True Image macOS before build 42902...