Lucene search
K

363781 matches found

NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52931

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS0.00404EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.6 views

CVE-2026-52933

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...

7.8CVSS0.0012EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52932

In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...

7.5CVSS0.00339EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52935

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...

7.8CVSS0.0012EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52937

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

0.00154EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52929

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5CVSS0.00394EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52934

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...

8.8CVSS0.00247EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.16 views

CVE-2026-52923

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

7.8CVSS0.00123EPSS
Exploits0References11
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52927

In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB read in compatmtwfromuser Luxiao Xu says: The function compatmtwfromuser converts ebtables extensions from 32-bit user structures to kernel native structures. However, it lacks proper validation of th...

7.8CVSS0.0012EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.18 views

CVE-2026-52928

In the Linux kernel, the following vulnerability has been resolved: afunix: Reject SIOCATMARK on non-stream sockets SIOCATMARK reports whether the receive queue is at the urgent mark for MSGOOB. In AFUNIX, MSGOOB is supported only for SOCKSTREAM sockets. SOCKDGRAM and SOCKSEQPACKET reject MSGOOB ...

0.00161EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52922

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

7.5CVSS0.00394EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52925

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...

0.00164EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52926

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadvgwnodefree removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup...

0.00164EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.15 views

CVE-2026-52921

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...

0.00164EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52924

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS0.00265EPSS
Exploits0References11
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52913

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

0.00176EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52919

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tpmeter counter underflow during shutdown batadvtpsendershutdown unconditionally decrements the "sending" atomic counter. If multiple paths e.g. timeout, user cancel, and normal finish call this function, the...

7.8CVSS0.00117EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS0.00299EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52917

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dumpone path The SCTP exact sockdiag lookup can hold a transport reference, block on locksocksk, and then resume after sctpassociationfree has marked the association dead and freed its bin...

7.1CVSS0.00126EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.13 views

CVE-2026-52914

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...

9.8CVSS0.00519EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52915

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6thbh: reject oversized option lists struct ip6topts stores at most IP6TOPTSOPTSNR option descriptors, but hbhmt6check does not reject larger optsnr values supplied from userspace. Validate optsnr in the rule setup...

7.1CVSS0.00126EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52916

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

0.00177EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52918

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize acceptq access btsockpoll walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last reference. The unsynchronized accept queue walk has existed since th...

8.8CVSS0.00266EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.10 views

CVE-2026-52912

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfqueue: hold bridge skb-dev while queued brpassframeup rewrites skb-dev from the ingress port to the bridge master before queueing bridge LOCALIN packets. NFQUEUE only holds references on state.in/out and bridge...

7.8CVSS0.00142EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 7:16 a.m.8 views

CVE-2026-9709

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

7.7CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-9643

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUESTURI server variable in all versions up to, and including, 4.5.18. When the plugin's wpmsTemplateRedirect hook detects a 404, it concatenates $SERVER'HTTPHOST' with the raw...

7.2CVSS0.00241EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-9724

The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordeskadminhome function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00145EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-9710

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens against arbitrary...

7.7CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-9721

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-9179

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 7:16 a.m.14 views

CVE-2026-9612

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

5.3CVSS0.00308EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-9620

The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...

6.4CVSS0.00207EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-9175

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...

5.3CVSS0.00348EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 7:16 a.m.12 views

CVE-2026-9178

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

7.5CVSS0.00347EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-9184

The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and localized to any...

4.3CVSS0.00215EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:16 a.m.8 views

CVE-2026-9616

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.0024EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-9619

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00307EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-9183

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-8628

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS0.00205EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-8688

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00227EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-8865

The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23qr' shortcode in all versions up to, and including, 1.1.6. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notab...

6.4CVSS0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-8690

The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00255EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-8705

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS0.00505EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:16 a.m.8 views

CVE-2026-9172

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the deletesingleaccount function in versions up to, and including, 1.2.0. The REST route...

5.3CVSS0.00227EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-8905

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS0.00135EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-8896

The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute and other attributes such as 'readyanimationtext' of the 'mscstats' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and outpu...

6.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 7:16 a.m.8 views

CVE-2026-4297

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...

8.8CVSS0.00463EPSS
Exploits0References9
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-7617

The SecuforOAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress...

5.3CVSS0.00295EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-8614

The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistioplugindeleteassistiosettings function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers,...

4.3CVSS0.00238EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 7:16 a.m.12 views

CVE-2026-8617

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
Total number of security vulnerabilities363781