A Reflected Cross-Site Scripting (XSS) vulnerability exists in the G5Theme Handmade Framework WordPress plugin through version 3.9, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper neutralization of user input during web page generation, classified under CWE-79. Attackers can craft malicious URLs containing JavaScript payloads that execute in victims' browsers when clicked, potentially leading to session hijacking, credential theft, or malware distribution.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WordPress plugin 'My auctions allegro' (free edition) through version 3.6.35, allowing attackers to inject malicious scripts into web pages viewed by victims. An unauthenticated attacker can craft a malicious URL containing JavaScript code that executes in the victim's browser when clicked, potentially stealing session cookies, redirecting users, or performing actions on behalf of the user. No CVSS score, EPSS score, or KEV status has been assigned, and patch availability status is unclear, though the vulnerability was identified and reported by Patchstack security researchers.
G5Theme Zorka WordPress theme versions up to and including 1.5.7 contain a Reflected Cross-Site Scripting (XSS) vulnerability that fails to properly neutralize user input during web page generation. An attacker can craft a malicious URL containing JavaScript payload and trick users into clicking it, allowing the attacker to execute arbitrary JavaScript in the victim's browser session, potentially stealing session cookies, credentials, or performing actions on behalf of the user. No CVSS score, EPSS probability, or KEV status has been assigned, but the vulnerability is confirmed by Patchstack with a clear attack vector.
An information disclosure vulnerability exists in n8n workflow automation software when Task Runners are enabled, allowing authenticated users with workflow creation or modification permissions to allocate uninitialized memory buffers through the JavaScript Task Runner. These buffers may contain residual data from the same Node.js process including secrets, tokens, and data from prior requests, leading to sensitive information exposure. This vulnerability requires CVE-2026-27496 has a CVSS 4.0 score of 7.1 with high confidentiality impact and affects npm package installations of n8n.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the eyecix JobSearch WordPress plugin through version 3.2.0, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects all installations of the JobSearch plugin up to and including version 3.2.0, enabling attackers to steal session cookies, perform unauthorized actions on behalf of users, or redirect users to malicious sites. No active exploitation in the wild has been publicly confirmed, though the vulnerability is documented in Patchstack's vulnerability database.
A metadata validation vulnerability in the Linux kernel's Squashfs filesystem implementation allows out-of-bounds memory access when processing corrupted or malicious filesystem images. Specifically, a negative metadata block offset derived from a corrupted index lookup table is passed to squashfs_copy_data without bounds checking, causing a general protection fault. Any Linux system mounting an untrusted Squashfs image is affected, potentially enabling denial of service or information disclosure attacks, though no active exploitation in the wild is currently documented.
A descriptor validation bypass in the Linux kernel's ALSA USB audio subsystem allows malicious USB devices to provide truncated UAC3 (USB Audio Class 3) header descriptors that escape validation checks, potentially causing out-of-bounds memory reads. The vulnerability stems from an incorrect protocol version constant (UAC_VERSION_2 instead of UAC_VERSION_3) in the validator table, causing validation logic to never execute for actual UAC3 devices. Affected are all Linux kernel versions containing the vulnerable code path; while CVSS and EPSS scores are not provided, this is a local privilege escalation / denial of service vector requiring physical USB device access or local code execution capability to exploit.
An out-of-bounds (OOB) memory access vulnerability exists in the Linux kernel's mt76 WiFi driver, specifically in the mt76_connac2_mac_write_txwi_80211() function which fails to validate frame length before accessing management frame fields. This affects all Linux kernel versions containing the vulnerable mt76 driver code and could allow an attacker to read sensitive kernel memory or trigger a denial of service through a specially crafted WiFi management frame. The vulnerability has been patched across multiple stable kernel branches with fixes available since the issue was identified.
Apple's iOS, iPadOS, macOS, tvOS, and watchOS contain a use-after-free vulnerability that could allow a local attacker to corrupt kernel memory or cause unexpected system crashes. An installed application can trigger this memory corruption flaw through user interaction, potentially leading to denial of service or unauthorized kernel-level modifications. No patch is currently available for this vulnerability (CVSS 7.1).
An out-of-bounds (OOB) memory access vulnerability exists in the Linux kernel's MediaTek MT7925 WiFi driver in the mt7925_mac_write_txwi_80211() function, which fails to validate frame length before accessing management frame fields. This vulnerability affects systems running Linux kernel versions with the vulnerable MT7925 driver code and could allow an attacker with local access or the ability to craft malicious wireless frames to read or write out-of-bounds memory, potentially leading to information disclosure or denial of service. While no CVSS score, EPSS data, or active exploitation reports are currently documented, the vulnerability has been patched across multiple stable Linux kernel branches as indicated by four distinct commit references.
A buffer over-read vulnerability exists in the Linux kernel's CXL mailbox command handler where the cxl_payload_from_user_allowed() function casts and dereferences user-supplied payload data without first validating its size. An unprivileged local attacker can send a raw mailbox command with an undersized payload (e.g., 1 byte instead of the expected 16 bytes for CXL_MBOX_OP_CLEAR_LOG) to trigger a kernel memory read past the allocated buffer, causing a KASAN splat and potential denial of service. While not yet listed in the KEV catalog or with public EPSS/CVSS scoring, patch commits are available in the Linux stable kernel repositories, indicating the vulnerability has been resolved upstream.
An out-of-bounds (OOB) memory access vulnerability exists in the Linux kernel's MediaTek MT7996 WiFi driver (mt76) within the mt7996_mac_write_txwi_80211() function. The vulnerability occurs when the function accesses management frame fields without first validating the frame length, potentially allowing information disclosure or denial of service on systems using affected MT7996 hardware. Multiple stable kernel patches are available across several kernel versions, indicating the issue has been actively remediated in the upstream Linux project.
WP Configurator Pro contains a missing authorization vulnerability (CWE-862) that allows attackers to bypass access controls and exploit incorrectly configured security levels within the plugin. All versions of WP Configurator Pro through version 3.7.9 are affected. An attacker can gain unauthorized access to sensitive configuration functions and data by circumventing the broken access control mechanisms, potentially compromising WordPress site integrity and confidentiality.
The Grid WordPress plugin versions prior to 2.8.0 contain a missing authorization vulnerability (CWE-862) that allows attackers to exploit incorrectly configured access control security levels. This broken access control flaw enables unauthorized users to bypass authentication mechanisms and access functionality or data they should not have permission to reach. While no CVSS score or EPSS data is currently available, the vulnerability has been documented by Patchstack and assigned ENISA EUVD ID EUVD-2026-15563, indicating active tracking by vulnerability databases.
Out-of-bounds memory access in the Linux kernel's accel/rocket DRM driver allows local authenticated users to trigger denial of service and potential information disclosure during probe failure paths. The flaw stems from improper error unwinding in rocket_probe() when rocket_core_init() fails (notably on EPROBE_DEFER), leaving stale counter state that subsequent code dereferences out of bounds. No public exploit identified at time of analysis, and EPSS scores exploitation likelihood at 0.02% (4th percentile), consistent with a hardware-driver-specific issue requiring local access.
Improper bounds checking in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) permits a local attacker to write out-of-bounds memory through a malicious application, potentially allowing modification of protected filesystem areas. The vulnerability requires user interaction to execute the malicious app and affects the file system's integrity rather than confidentiality. No patch is currently available for this out-of-bounds write condition.
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 store user credentials and other sensitive information in plain text, allowing local users to read this data. This is a high-severity information disclosure vulnerability with a CVSS score of 7.1, primarily due to the potential for complete confidentiality breach across security boundaries. A patch is available from IBM, and there is no evidence of active exploitation or public proof-of-concept at this time.
This vulnerability is a race condition in the Linux kernel's BPF devmap subsystem that occurs on PREEMPT_RT kernels, where per-CPU bulk queue structures can be accessed concurrently by multiple preemptible tasks on the same CPU. An attacker or unprivileged local process can trigger use-after-free, double-free, or memory corruption conditions by crafting specific XDP (eXpress Data Path) redirect operations that cause concurrent access to shared queue structures, potentially leading to kernel crashes, information disclosure, or privilege escalation. The vulnerability affects all Linux kernel versions with the vulnerable devmap code path and has been patched upstream, though CVSS and EPSS scores are not yet assigned and no public exploit or KEV status is currently documented.