Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...

PT-2026-52120

Name of the Vulnerable Software and Affected Versions Unraid affected versions not specified Description A command injection flaw in the web server allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue occurs in the ToggleState.php file due...

CVE-2026-7842

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed the issue of tracepoints being reset upon removal of the timerlat tracer. If a timerlat tracer is started with the osnoise option OSNOISEWORKLOAD disabled, but then that option is enabled again and the...

CVE-2026-8904

The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...

CVE-2026-42236

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...

CVE-2026-42074

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM an untrusted principal per the project's own threat model can set ...

CVE-2026-45610

CVE-2026-45610 relates to a CSRF vulnerability in WWBN AVideo where plugin/LoginControl/set.json.php exposes a 2FA disable action (type=set2FA) without CSRF protection. The code path checks only User::isLogged() and then directly calls LoginControl::setUser2FA(User::getId(), …) based on POST valu...

PT-2026-44277

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A Use-After-Free UAF issue exists in the sched ext component. The functions scx group set weight, scx group set idle, and sc...

CVE-2026-33380

A flaw was found in Grafana. An authenticated attacker can exploit a vulnerability in SQL Expressions to read arbitrary files from the Grafana server's filesystem. This information disclosure is possible only when the sqlExpressions feature toggle is enabled...

SUSE CVE-2026-44059

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

CVE-2026-44059

A flaw was found in Netatalk. This vulnerability, related to a non-reentrant privilege toggle, could allow a local attacker with low privileges to potentially bypass security restrictions. This could lead to a low impact on confidentiality, integrity, and availability of the system...

CVE-2026-44059

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

EUVD-2026-31233

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

CVE-2026-44059 Non-reentrant privilege toggle

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

CVE-2026-44059

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

CVE-2026-44059 Non-reentrant privilege toggle

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

CVE-2026-44059

Netatalk 2.2.5–4.4.2 contains a non-reentrant privilege toggle vulnerability (race condition) that could allow a local attacker to obtain limited information, modify limited data, or trigger a minor service disruption. The issue is fixed in Netatalk 4.5.0. Affected versions and impact are consist...

CVE-2026-44059

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

PT-2026-42415

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.2.5 through 4.4.2 Description A race condition exists in the privilege toggle mechanism due to a non-reentrant privilege toggle. This allows a local attacker to obtain limited information, modify limited data, or cause a...