621 matches found
CVE-2026-23090 slimbus: core: fix device reference leak on report present
In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices...
CVE-2026-23090 slimbus: core: fix device reference leak on report present
In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices...
CVE-2025-6593 "{{SITENAME}} registered email address has been changed" email sent to unverified email addresses
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...
Fortinet FortiManager SSO authentication bypass (FG-IR-26-060)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyze...
CVE-2026-24858
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...
CVE-2026-24858
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...
PT-2026-5008
Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions 7.0.0 through 7.0.15 FortiAnalyzer versions 7.2.0 through 7.2.11 FortiAnalyzer versions 7.4.0 through 7.4.9 FortiAnalyzer versions 7.6.0 through 7.6.5 FortiManager versions 7.0.0 through 7.0.15 FortiManager versions 7.2....
CVE-2025-71141
In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drmkmshelperpollfini and drmatomichelpershutdown helpers should only be called when the device has been successfully registered. Currently, these functions are called...
CVE-2025-13369
The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'moneyspentfrom', 'moneyspentto', 'registeredfrom', and 'registeredto' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
CVE-2019-12361
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page...
CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...
CVE-2025-13493
CVE-2025-13493 concerns the WordPress plugin “Latest Registered Users.” It allows unauthenticated attackers to export complete user details (except passwords and tokens) in CSV via the action parameter, due to missing authorization and nonce validation in rnd_handle_form_submit hooked to admin_po...
CVE-2025-13369 Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting
The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'moneyspentfrom', 'moneyspentto', 'registeredfrom', and 'registeredto' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...
CVE-2025-13369
CVE-2025-13369 concerns Premmerce WooCommerce Customers Manager for WordPress. The Wordfence report confirms a Reflected Cross-Site Scripting (XSS) vulnerability in the plugin, exploitable via the money_spent_from, money_spent_to, registered_from, and registered_to parameters in all versions up t...
WordPress Latest Registered Users plugin <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability discovered by Legion Hunter in WordPress Plugin Latest Registered Users versions = 1.4...
WordPress plugin Latest Registered Users 安全漏洞
...
PT-2026-1588
Name of the Vulnerable Software and Affected Versions The Latest Registered Users plugin for WordPress versions prior to 1.5 Description The Latest Registered Users plugin for WordPress is susceptible to unauthorized user data export. This is a result of a lack of authorization and nonce validati...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992724)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992724 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: defer registered files gc to iouring release Instead of putting iouring's...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992471)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992471 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: defer registered files gc to iouring release Instead of putting iouring's...