| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A vulnerability in reputeinfosystems ARMember armember-membership. This issue affects ARMember: from n/a through <= 3.4.11. |
| A vulnerability in narolainfotech Export Users Data Distinct export-users-data-distinct. This issue affects Export Users Data Distinct: from n/a through <= 1.3. |
| A vulnerability in Noptin Newsletter Team Noptin newsletter-optin-box. This issue affects Noptin: from n/a through <= 1.9.5. |
| A vulnerability in WebToffee Product Reviews Import Export for WooCommerce product-reviews-import-export-for-woocommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through <= 1.4.8. |
| A vulnerability in Gemini Labs Site Reviews site-reviews. This issue affects Site Reviews: from n/a through <= 6.2.0. |
| A vulnerability in integrationdevpaytm Paytm Payment Gateway paytm-payments. This issue affects Paytm Payment Gateway: from n/a through <= 2.7.3. |
| A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat. This issue affects Slimstat Analytics: from n/a through <= 5.0.4. |
| A vulnerability in Scott Reilly Commenter Emails commenter-emails. This issue affects Commenter Emails: from n/a through <= 2.6.1. |
| A vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application. This issue affects 1003 Mortgage Application: from n/a through <= 1.75. |
| A vulnerability in Pär Thernström Simple History simple-history. This issue affects Simple History: from n/a through <= 3.3.1. |
| A vulnerability in anmari amr users amr-users. This issue affects amr users: from n/a through <= 4.59.4. |
| A vulnerability in Patrick Robrecht Posts and Users Stats posts-and-users-stats. This issue affects Posts and Users Stats: from n/a through <= 1.1.3. |
| A vulnerability in Duke Simple CSV/XLS Exporter simple-csv-xls-exporter. This issue affects Simple CSV/XLS Exporter: from n/a through <= 1.5.8. |
| A vulnerability in Kaushik Export Users Data CSV export-users-data-csv. This issue affects Export Users Data CSV: from n/a through <= 2.1. |
| A vulnerability in Masahiro NAKASHIMA WP CSV Exporter wp-csv-exporter. This issue affects WP CSV Exporter: from n/a through <= 2.0. |
| The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges. |
| mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remote network resource. Alternatively, it is possible to use a previously uploaded file and change its reference. When the application processes the attachment, and a user tries to open it, the referenced resource is executed by the system.
Critically, this vulnerability can be exploited by any unauthenticated attacker by chaining it with CVE-2026-40550 and CVE-2026-40551, which allows obtaining database access, and logging onto any account.
This issue affects mpGabinet version 23.12.19 and below. |
| In the Linux kernel, the following vulnerability has been resolved:
spi: spi-fsl-lpspi: fix teardown order issue (UAF)
There is a teardown order issue in the driver. The SPI controller is
registered using devm_spi_register_controller(), which delays
unregistration of the SPI controller until after the fsl_lpspi_remove()
function returns.
As the fsl_lpspi_remove() function synchronously tears down the DMA
channels, a running SPI transfer triggers the following NULL pointer
dereference due to use after free:
| fsl_lpspi 42550000.spi: I/O Error in DMA RX
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[...]
| Call trace:
| fsl_lpspi_dma_transfer+0x260/0x340 [spi_fsl_lpspi]
| fsl_lpspi_transfer_one+0x198/0x448 [spi_fsl_lpspi]
| spi_transfer_one_message+0x49c/0x7c8
| __spi_pump_transfer_message+0x120/0x420
| __spi_sync+0x2c4/0x520
| spi_sync+0x34/0x60
| spidev_message+0x20c/0x378 [spidev]
| spidev_ioctl+0x398/0x750 [spidev]
[...]
Switch from devm_spi_register_controller() to spi_register_controller() in
fsl_lpspi_probe() and add the corresponding spi_unregister_controller() in
fsl_lpspi_remove(). |
| Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. |
| In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message. |