|
2351
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix use-after-free on error path
In the error path of sev_tsm_init_locked(), the code dereferences 't'
after it has…
|
CWE-416
Use After Free
|
CVE-2026-23344
|
2026-04-25 03:17 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2352
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
crypto: ccp - Corrección de uso después de liberación en la ruta de error
En la ruta de error de sev_tsm_init_locked(), el códig…
|
CWE-416
Use After Free
|
CVE-2026-23344
|
2026-04-25 03:17 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2353
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled
When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace …
|
NVD-CWE-noinfo
|
CVE-2026-23345
|
2026-04-25 03:17 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2354
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
arm64: gcs: No establecer PTE_SHARED en mapeos GCS si FEAT_LPA2 está habilitado
Cuando FEAT_LPA2 está habilitado, los bits 8-9 d…
|
NVD-CWE-noinfo
|
CVE-2026-23345
|
2026-04-25 03:17 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2355
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API …
|
CWE-284
CWE-285
Improper Access Control
Improper Authorization
|
CVE-2025-67259
|
2026-04-25 03:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2356
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5506
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2357
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5508
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2358
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4330
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2359
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5169
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2360
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4654
|
2026-04-25 03:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
