4617 matches found
CVE-2026-1830
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...
PT-2026-31577
Name of the Vulnerable Software and Affected Versions The Quick Playground plugin for WordPress versions up to and including 1.3.1 Description The Quick Playground plugin for WordPress is susceptible to Remote Code Execution due to inadequate authorization checks on REST API endpoints. These...
EUVD-2026-20411
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39713
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and...
CVE-2026-39705
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39705 WordPress MIPL WC Multisite Sync plugin <= 1.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39705
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39705 WordPress MIPL WC Multisite Sync plugin <= 1.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39705
CVE-2026-39705 concerns the WordPress plugin MIPL WC Multisite Sync by Mulika Team, vulnerable through a missing/incorrect authorization mechanism. The issue affects versions through 1.4.4 and is categorized as Broken Access Control due to improperly configured access control security levels. Pub...
PT-2026-31267
Name of the Vulnerable Software and Affected Versions MIPL WC Multisite Sync versions through 1.4.4 Description A missing authorization issue exists in Mulika Team MIPL WC Multisite Sync, allowing exploitation of incorrectly configured access control security levels. Recommendations Update MIPL W...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006726)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006726 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard-timer could schedu...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006782)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006782 advisory. In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in...
WordPress plugin MIPL WC Multisite Sync 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
[SECURITY] Fedora 43 Update: calibre-9.6.0-1.fc43
Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features. Calibre is primarily a ebook cataloging program. It manages your ebook collection for you. It is designed around the...
SUSE CVE-2026-23465
In the Linux kernel, the following vulnerability has been resolved: btrfs: log new dentries when logging parent dir of a conflicting inode If we log the parent directory of a conflicting inode, we are not logging the new dentries of the directory, so when we finish we have the parent directory's...
CVE-2026-23465
CVE-2026-23465 affects the Linux kernel (btrfs) where logging the parent directory of a no-longer-existing conflicting inode could skip logging the directory’s new dentries, causing missing dentries after a power loss when an fsync occurs. The issue is resolved by logging new dir dentries wheneve...
CVE-2026-23459 ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS
In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...
CVE-2026-23459
The CVE-2026-23459 issue affects the Linux kernel IP tunnel code, specifically iptunnel_xmit_stats(). The bug arose because the function assumed tunnels used NETDEV_PCPU_STAT_TSTATS, while vxlan/geneve tunnels call udp_tunnel[6]_xmit_skb() and read NETDEV_PCPU_STAT_DSTATS, creating potential data...
Arbitrary File Upload
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary File Upload via the Mirror Sync process. An attacker can escape the intended sandbox and gain unauthorized access to files outside the designated directory by exploiting...
GHSA-CWF8-44X6-32C2 OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
Summary OpenShell Mirror Sync: Sandbox Escape via Unrestricted File Sync + Symlink Traversal Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still has the mirror-boundary bug because shipped c02ee8 only excluded hooks while unreleased 3b9dab is the...