21815 matches found
GHSA-C38F-WX89-P2XG UltraJSON has a Memory Leak in ujson.dump() on Write Failure
Summary: When ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. Code that uses ujson.dumps rather than ujson.dump or...
CVE-2026-34327
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-7813
A flaw was found in pgadmin4. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's private servers, server groups, background processes, and debugger function arguments by guessing object IDs...
EUVD-2023-34492
An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...
WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion vulnerability discovered by molten bit in WordPress Plugin Tutor LMS versions <= 3.9.9...
CGA-V32Q-MW5W-CHH5
Bulletin has no description...
MINI-42P9-GCPF-7PX6
Bulletin has no description...
MINI-QFW4-93X7-P459
Bulletin has no description...
MINI-Q782-WG8X-R5QX
Bulletin has no description...
MINI-GMGH-R96C-FX35
Bulletin has no description...
MINI-G3G9-G4P9-RG82
Bulletin has no description...
MINI-X4MV-26GC-CMPW
Bulletin has no description...
CVE-2023-30059
An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...
MINI-432F-VRWF-GPCP
Bulletin has no description...
WordPress Cost Calculator Builder plugin <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability
Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder versions <= 4.0.1...
WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by devploit in WordPress Plugin Checkout Files Upload for WooCommerce versions <= 2.2.5...
@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +961 more potentially affected by CVE-2026-44293 via protobufjs (>=8.0.0 <=8.0.1)
protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-44293 Source advisory: SNYK:JS-PROTOBUFJS-16643421...
GHSA-X23J-RGR4-MP7M vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-40129
creationtimestamp | type | source
---|---|---
2026-05-12 05:02:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlmz4iwkgu2q
2026-05-12 14:20:28+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h
2026-05-12 14:25:06+00:00 | seen |...
CGA-MFC8-8VXC-99R4
Bulletin has no description...