12605 matches found
CVE-2026-31444
CVE-2026-31444 affects ksmbd in the Linux kernel. The vulnerability arises from two flaws in the oplock publication sequence inside smb_grant_oplock(): (1) opinfo is linked into ci->m_op_list before add_lease_global_list(), so if that call fails, a freed node is dereferenced by concurrent read...
CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smbgrantoplock smbgrantoplock has two issues in the oplock publication sequence: 1 opinfo is linked into ci-moplist via opinfoadd before addleasegloballist is called. If...
EUVD-2026-24696
The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...
EUVD-2026-24662
The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...
EUVD-2026-24668
The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...
WordPress Create DB Tables plugin <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Database Table Creation/Deletion vulnerability discovered by theviper17y in WordPress Plugin Create DB Tables versions = 1.2.1...
CVE-2026-5820
The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...
CVE-2026-4126
The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...
CVE-2026-4119
The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...
kernel: macvlan: fix error recovery in macvlan_common_newlink()
A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table e.g., due to an invalid interface name, the hash entry still references the freed netdevice structure. Subsequent packets...
CVE-2026-4119
CVE-2026-4119 affects the WordPress plugin Create DB Tables (versions up to and including 1.2.1). The vulnerability arises from missing capability checks and nonce verification in admin_post hooks for creating and deleting tables, allowing any authenticated user (including Subscribers) to execute...
CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php
The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...
CVE-2026-4126 Table Manager <= 1.0.0 - Authenticated (Contributor+) Sensitive Information Exposure via 'table' Shortcode Attribute
The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...
CVE-2026-4126
The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...
CVE-2026-4126
Summary: The WordPress Table Manager plugin (v1.0.0 and earlier) is vulnerable to sensitive data exposure via the table shortcode. The handler uses a user-controlled table attribute, only applies sanitize_key(), and concatenates the value with $wpdb->prefix to form a full table name, then exec...
CVE-2026-5820 Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block
The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...
CVE-2026-5820
The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...
CVE-2026-5820 Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block
The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...
CVE-2026-5820
The CVE-2026-5820 entry concerns the WordPress plugin Zypento Blocks (versions ≤ 1.0.6). The issue is a Stored Cross-Site Scripting (Stored XSS) in the Table of Contents block due to a front-end rendering script that reads heading text with innerText and injects it via innerHTML without proper sa...
EUVD-2026-24592
In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...