21545 matches found
PT-2026-37610
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A reference leak exists in the Linux kernel within the mtk-mdp media component. The vpu_get_plat_device function, called during mtk_mdp_probe, increases the reference count of the return...
PT-2026-37547
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the mtk-mdp media component within the probe function. The lack of proper error handling leads to a resource leak when mtk_mdp_unregister_m2m_device is not called on t...
PT-2026-38261
Name of the Vulnerable Software and Affected Versions: mistune versions prior to 3.2.1. Description: A Denial-of-Service (DoS) issue exists in the Mistune Markdown parser. Processing specially crafted reference links can cause excessive backtracking and parsing loops within the parse_link_title functi...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nfsd_get_dir_deleg function in nfsd not releasing the nfs4_file reference, potentially leading to...
PT-2026-37494
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: Crafted EROFS images containing valid volume labels can trigger incorrect early returns in volume label handling, leading to folio reference leaks. Folio reference leaks occur when the...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to refresh states and policies during the NETDEV_UNREGISTER event. This could lead to ...
PT-2026-37416
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull. The patch mentioned below changed cachefiles_bury_object to expect 2 references to the 'rep' dentry. Three of the callers were changed to use start_removing_dentry whic...
GHSA-958H-QP3X-Q4GJ AVideo: IDOR in PayPalYPT Plugin Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements
Summary: plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement parameter without verifying that the authenticated user owns the agreement. A low-privilege authenticated user who learns or obtains another user's PayPal billing agreement ID...
CGA-P2W5-MPGM-2M5Q
Bulletin has no description...
CVE-2026-23298
creationtimestamp | type | source
---|---|---
2026-05-05 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260506
2026-05-31 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/suse-linux-kernel-multiple-vulnerabilities20260601...
GHSA-R7CG-QJJM-XHQQ
creationtimestamp | type | source
---|---|---
2026-05-05 17:40:29+00:00 | seen | https://gist.github.com/alon710/ba9b0db74ec141f4dfe472b1318d5102...
MINI-CVHP-8MGQ-XPG2
Bulletin has no description...
MINI-6CHC-2CPW-QG9W
Bulletin has no description...
MINI-HCQC-4X7J-73R9
Bulletin has no description...
CVE-2026-43063
CVE-2026-43063 pertains to the Linux kernel XFS attribute recovery path. The vulnerability arises when xlog_recovery_iget* fails to yield a valid pointer and an ensuing irele operates on a dangling pointer, potentially enabling a local attacker to crash the system and cause a DoS. The Red Hat adv...
EUVD-2026-27225
The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...
CVE-2026-7812
creationtimestamp | type | source
---|---|---
2026-05-05 07:21:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml3nmbtz2e2c...
CVE-2026-3454
The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...
GHSA-XX6V-RP6X-Q39C
creationtimestamp | type | source
---|---|---
2026-05-05 04:10:29+00:00 | seen | https://gist.github.com/alon710/059ddc175def05e4e65c2e2b81657e9a...
CVE-2026-2554
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfmdeletewcfmcustomer' due to missing validation on the 'customerid' user...