1240 matches found
CVE-2026-2725
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
CVE-2026-2725
Gerrit CVE-2026-2725 affects Gerrit versions 2.12 and later due to an incorrect authorization in the "submitted together" feature. An authenticated attacker with force-push permissions on a secondary branch can bypass code review and forcefully submit code to restricted branches by submitting a c...
Gerrit 安全漏洞
Gerrit is a code review tool used within the Gerrit community. Versions of Gerrit 2.12 and later contain security vulnerabilities. These vulnerabilities stem from improper authorization in the “submitted together” feature, which could allow authenticated attackers to bypass code reviews and force...
PT-2026-40576
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpujobsubmit Fix deadlock in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks the global lock protecting submittedjobs 1. After the...
CVE-2026-5797
The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...
CVE-2026-3862
Cross-site Scripting XSS allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page...
CVE-2026-2126
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
CVE-2026-2126
CVE-2026-2126 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The issue is Incorrect Authorization: the function usp_get_submitted_category() accepts user-submitted category IDs from POST without validating against configured allowed categori...
CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
CVE-2026-2126
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...
PT-2026-20377
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the usp get submitted category function accepting user-submitted category IDs from the POST body...
WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
User Submitted Posts <= 20251121 - Unauthenticated Open Redirect
The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to potentially malicious sites by tricking them...
SUSE CVE-2026-23075
In the Linux kernel, the following vulnerability has been resolved: can: esdusb: esdusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In esdusbopen, the URBs for USB-in transfers are allocated,...
SUSE CVE-2026-23080
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: mcbausbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In mcbausbprobe - mcbausbstart, the URBs for USB-in transfe...
SUSE CVE-2026-23108
In the Linux kernel, the following vulnerability has been resolved: can: usb8dev: usb8devreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In usb8devopen - usb8devstart, the URBs for USB-in transfer...
CVE-2026-23080
In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: mcbausbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In mcbausbprobe - mcbausbstart, the URBs for USB-in transfe...
CVE-2026-23061
In the Linux kernel, the following vulnerability has been resolved: can: kvaserusb: kvaserusbreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In kvaserusbset,databittiming - kvaserusbsetuprxurbs, t...