15925 matches found
EUVD-2026-40155
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...
CVE-2026-56780 Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...
CVE-2026-56780
Modoboa prior to version 2.9.0 contains an insecure direct object reference in the PUT /api/v1/accounts/{pk}/password/ API. This flaw allows domain administrators to bypass object‑level access controls and change any user’s password, enabling full account takeover by resetting superadmin password...
PYSEC-2026-574 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
Summary The resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...
CVE-2026-53293
A flaw was found in the Linux kernel's AMDGPU graphics driver. Multiple issues exist within the AMDGPUINFOREADMMRREG function, including an incorrect order of operations between the reset semaphore and the memory management lock, and memory allocation while holding the reset semaphore. These issu...
CVE-2026-53301
A flaw was found in the Linux kernel. Missing reset operations can lead to a null pointer dereference, which may cause system instability or a denial of service DoS. This vulnerability occurs when the system attempts to use uninitialized reset operations, resulting in an unexpected system state...
PT-2026-53755
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An issue exists where the mcumgr serial process frag function in subsys/mgmt/mcumgr/transport/src/serial util.c calls net buf reset on the result of smp packet alloc without first verifying if the result is NUL...
OctoberCMS - Account Takeover
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. id:...
SUSE CVE-2026-53280
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group-domain dereference in pcidevresetiommudone Local sashiko review pointed it out that group-domain could be NULL when a default domain fails to allocate during the first probe, which can crash at...
SUSE CVE-2026-53293
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPUINFOREADMMRREG There were multiple issues in that code. First of all the order between the reset semaphore and the mmlock was wrong e.g. copytouser was called while holding the lock. Then we allocated memory...
SUSE CVE-2026-53301
In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet...
CVE-2026-12415
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
EUVD-2026-39943
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
CVE-2026-12415
The CVE concerns the WordPress plugin Invoice Generator. Vulnerable in versions up to 1.0.0 due to a missing capability check on the pravel_invoice_edit_account() AJAX action. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account and accepts attacker-controlled user_id and user_em...
CVE-2026-12415
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
PT-2026-53043
Name of the Vulnerable Software and Affected Versions Invoice Generator versions prior to 1.0.1 Description The Invoice Generator plugin for WordPress allows privilege escalation because it fails to perform a capability check on the pravel invoice edit account AJAX action. The handler is exposed...
DEBIAN-CVE-2026-53301
In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet...
CVE-2026-53301
In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet...
CVE-2026-53293
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPUINFOREADMMRREG There were multiple issues in that code. First of all the order between the reset semaphore and the mmlock was wrong e.g. copytouser was called while holding the lock. Then we allocated memory...
CVE-2026-53289
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...