|
381
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
dm: clear cloned request bio pointer when last clone bio completes
Stale rq->bio values have been observed to cause double-initia…
New
|
-
|
CVE-2026-43278
|
2026-05-6 22:07 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Add sanity check for OOB writes at silencing
At silencing the playback URB packets in the implicit fb mode befor…
New
|
-
|
CVE-2026-43279
|
2026-05-6 22:07 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise
When user provides a bogus pat_index value through th…
New
|
-
|
CVE-2026-43280
|
2026-05-6 22:07 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all ver…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3208
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::s…
New
|
CWE-862
Missing Authorization
|
CVE-2026-5753
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in al…
New
|
CWE-862
Missing Authorization
|
CVE-2026-2306
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6672
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
388
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments() method of EmailNo…
New
|
CWE-22
Path Traversal
|
CVE-2026-6344
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
389
|
7.2 |
HIGH
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7332
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
7.2 |
HIGH
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to, and includi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7448
|
2026-05-6 22:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
