Export limit exceeded: 346701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346701 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23348 | 1 Linux | 1 Linux Kernel | 2026-04-24 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimm_bus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The cxl_translate module has dependency on cxl_acpi and causes orphaned nvdimm objects to reprobe after cxl_acpi is removed. The nvdimm_bus object is registered by the cxl_nvb object when cxl_acpi_probe() is called. With the nvdimm_bus object missing, __nd_device_register() will trigger NULL pointer dereference when accessing the dev->parent that points to &nvdimm_bus->dev. [ 192.884510] BUG: kernel NULL pointer dereference, address: 000000000000006c [ 192.895383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20250812-19.fc42 08/12/2025 [ 192.897721] Workqueue: cxl_port cxl_bus_rescan_queue [cxl_core] [ 192.899459] RIP: 0010:kobject_get+0xc/0x90 [ 192.924871] Call Trace: [ 192.925959] <TASK> [ 192.926976] ? pm_runtime_init+0xb9/0xe0 [ 192.929712] __nd_device_register.part.0+0x4d/0xc0 [libnvdimm] [ 192.933314] __nvdimm_create+0x206/0x290 [libnvdimm] [ 192.936662] cxl_nvdimm_probe+0x119/0x1d0 [cxl_pmem] [ 192.940245] cxl_bus_probe+0x1a/0x60 [cxl_core] [ 192.943349] really_probe+0xde/0x380 This patch also relies on the previous change where devm_cxl_add_nvdimm_bridge() is called from drivers/cxl/pmem.c instead of drivers/cxl/core.c to ensure the dependency of cxl_acpi on cxl_pmem. 1. Set probe_type of cxl_nvb to PROBE_FORCE_SYNCHRONOUS to ensure the driver is probed synchronously when add_device() is called. 2. Add a check in __devm_cxl_add_nvdimm_bridge() to ensure that the cxl_nvb driver is attached during cxl_acpi_probe(). 3. Take the cxl_root uport_dev lock and the cxl_nvb->dev lock in devm_cxl_add_nvdimm() before checking nvdimm_bus is valid. 4. Set cxl_nvdimm flag to CXL_NVD_F_INVALIDATED so cxl_nvdimm_probe() will exit with -EBUSY. The removal of cxl_nvdimm devices should prevent any orphaned devices from probing once the nvdimm_bus is gone. [ dj: Fixed 0-day reported kdoc issue. ] [ dj: Fix cxl_nvb reference leak on error. Gregory (kreview-0811365) ] | ||||
| CVE-2026-39464 | 2 Seedprod, Wordpress | 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress | 2026-04-24 | 5.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8. | ||||
| CVE-2026-39484 | 2 John Darrel, Wordpress | 2 Hide My Wp Ghost, Wordpress | 2026-04-24 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00. | ||||
| CVE-2026-39521 | 2 Nelio Software, Wordpress | 2 Nelio Content, Wordpress | 2026-04-24 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1. | ||||
| CVE-2026-34899 | 2 Eniture Technology, Wordpress | 2 Ltl Freight Quotes – Worldwide Express Edition, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1. | ||||
| CVE-2026-34903 | 2 Oceanwp, Wordpress | 2 Ocean Extra, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3. | ||||
| CVE-2026-39496 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yaymail | 2026-04-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through <= 4.3.3. | ||||
| CVE-2026-39487 | 2 Ameliabooking, Wordpress | 2 Amelia, Wordpress | 2026-04-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.1.1. | ||||
| CVE-2026-39520 | 2 Wedevs, Wordpress | 2 Wedocs, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18. | ||||
| CVE-2026-39506 | 2 Jordy Meow, Wordpress | 2 Ai-engine, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a through < 3.4.2. | ||||
| CVE-2026-39509 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10. | ||||
| CVE-2026-39517 | 2 Awplife, Wordpress | 2 Blog Filter, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6. | ||||
| CVE-2026-39477 | 2 Brainstormforce, Wordpress | 2 Cartflows, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2.2.3. | ||||
| CVE-2026-39488 | 2 Surecart, Wordpress | 2 Surecart, Wordpress | 2026-04-24 | 6.3 Medium |
| Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2. | ||||
| CVE-2026-39526 | 2 Wordpress, Wpstream | 2 Wordpress, Wpstream | 2026-04-24 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2. | ||||
| CVE-2026-34887 | 2 Extendthemes, Wordpress | 2 Kubio Ai Page Builder, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0. | ||||
| CVE-2026-34889 | 2 Brainstormforce, Wordpress | 2 Ultimate Addons For Wpbakery Page Builder, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4. | ||||
| CVE-2026-34896 | 2 Analytify, Wordpress | 2 Under Construction, Coming Soon & Maintenance Mode, Wordpress | 2026-04-24 | 7.5 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery.This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1. | ||||
| CVE-2026-39466 | 2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform | 2 Wordpress, Broken Link Checker | 2026-04-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <= 2.4.7. | ||||
| CVE-2026-39469 | 2 Softaculous, Wordpress | 2 Pagelayer, Wordpress | 2026-04-24 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through <= 2.0.8. | ||||