|
691
|
- |
|
-
|
-
|
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an atta…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2025-52532
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
692
|
- |
|
-
|
-
|
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resu…
|
CWE-1189
|
CVE-2025-54518
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
693
|
- |
|
-
|
-
|
Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in lo…
|
CWE-1327
Binding to an Unrestricted IP Address
|
CVE-2026-0481
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
694
|
6.8 |
MEDIUM
Network
|
pyload-ng_project
|
pyload-ng
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates …
|
CWE-295
CWE-306
CWE-863
Improper Certificate Validation
Missing Authentication for Critical Function
Incorrect Authorization
|
CVE-2026-42312
|
2026-05-15 23:09 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
695
|
8.1 |
HIGH
Network
|
-
|
-
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up…
|
CWE-862
Missing Authorization
|
CVE-2026-4094
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
696
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6646
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
697
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and …
|
CWE-862
Missing Authorization
|
CVE-2026-4683
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
698
|
7.5 |
HIGH
Network
|
-
|
-
|
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which …
|
CWE-22
Path Traversal
|
CVE-2026-6403
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
699
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON …
|
CWE-79
Cross-site Scripting
|
CVE-2026-6415
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
700
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to …
|
CWE-89
SQL Injection
|
CVE-2026-7046
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
