21883 matches found
WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion vulnerability
Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions <= 6.7.25...
PT-2026-36331
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The caiaq driver in the ALSA subsystem stores a pointer to the parent USB device in cdev->chip.dev without taking a reference to it. This leads to a use-after-free scenario where the snd...
Apache Neethi code issue vulnerability
Apache Neethi is a policy processing framework library developed by the Apache Foundation. Apache Neethi has code-related vulnerabilities; these vulnerabilities arise from the lack of restrictions on URIs when manually retrieving remote policy references via the PolicyReference API. This could le...
PT-2026-36313
Name of the Vulnerable Software and Affected Versions: Apache Neethi versions prior to 3.2.2. Description: The PolicyReference API does not impose restrictions on URIs when manually fetching remote policy references. This allows an application that explicitly calls the API to make outbound requests...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of reference counts during error handling paths. This issue may lead to resourc...
MINI-FXV9-F25C-5WGQ
Bulletin has no description...
CVE-2026-4503
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...
CVE-2026-4503 Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...
EUVD-2026-26435
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...
MINI-626H-FCP8-GX78
Bulletin has no description...
CVE-2025-13890
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12494. Reason: This candidate is a reservation duplicate of CVE-2025-12494. Notes: All CVE users should reference CVE-2025-12494 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
MINI-5QR2-H4X4-GCWV
Bulletin has no description...
MINI-X7CC-5XWV-828G
Bulletin has no description...
MINI-QWH7-FPXH-63G2
Bulletin has no description...
EUVD-2025-209595
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional Core Libraries allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3....
MINI-329M-XFPR-3PV4
Bulletin has no description...
CVE-2026-0206
creationtimestamp | type | source
---|---|---
2026-04-30 13:55:17+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkprcb5i6n2c
2026-05-01 02:58:40+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3mkr52zptik2e...
CVE-2026-37525
creationtimestamp | type | source
---|---|---
2026-04-30 08:49:16+00:00 | seen | https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643...