A vulnerability marked as critical has been reported in wickedplugins Wicked Folders Plugin up to 4.1.0 on WordPress. Impacted is the function delete_folders. This manipulation causes authorization bypass.
This vulnerability appears as CVE-2026-1883. The attack may be initiated remotely. There is no available exploit.
A vulnerability labeled as critical has been found in wedevs User Frontend Plugin up to 4.2.8 on WordPress. This issue affects the function draft_post. The manipulation of the argument post_id results in missing authorization.
This vulnerability is reported as CVE-2026-2233. The attack can be launched remotely. No exploit exists.
A vulnerability identified as critical has been detected in webaways NEX-Forms Plugin up to 9.1.9 on WordPress. This vulnerability affects the function submit_nex_form. The manipulation of the argument nf_set_entry_update_id leads to authorization bypass.
This vulnerability is documented as CVE-2026-1947. The attack can be initiated remotely. There is not any exploit available.
A vulnerability categorized as problematic has been discovered in GNU Binutils. This affects an unknown part of the component XCOFF Object File Handler. Executing a manipulation can lead to out-of-bounds read.
This vulnerability is registered as CVE-2026-3442. The attack needs to be launched locally. No exploit is available.
A vulnerability was found in GNU Binutils. It has been rated as problematic. Affected by this issue is some unknown functionality of the component XCOFF Object File Handler. Performing a manipulation results in out-of-bounds read.
This vulnerability is cataloged as CVE-2026-3441. The attack must be initiated from a local position. There is no exploit available.
A vulnerability was found in Linux Kernel up to 6.12.23/6.13.11/6.14.2. It has been rated as problematic. Affected by this vulnerability is the function io_req_post_cqe. The manipulation leads to state issue.
This vulnerability is referenced as CVE-2025-23154. The attack needs to be initiated within the local network. No exploit is available.
Upgrading the affected component is advised.
A vulnerability was found in Linux Kernel up to 6.15-rc1. It has been rated as critical. This affects the function do_split of the component ext4. Performing a manipulation results in use after free.
This vulnerability is identified as CVE-2025-23150. The attack can only be performed from the local network. There is not any exploit available.
Upgrading the affected component is advised.
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. Affected is the function mhi_unprepare_from_transfer. This manipulation causes memory corruption.
This vulnerability is tracked as CVE-2025-23151. The attack is only possible within the local network. No exploit exists.
It is suggested to upgrade the affected component.
A vulnerability marked as problematic has been reported in Linux Kernel up to 6.6.87/6.12.23/6.13.11/6.14.2. This affects the function tpm_find_get_ops in the library drivers/i2c/i2c-core.h of the component tpm. Performing a manipulation results in insufficiently random values.
This vulnerability is identified as CVE-2025-23149. The attack can only be performed from the local network. There is not any exploit available.
It is suggested to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. It has been declared as critical. Affected is the function exynos_chipid_probe of the file ice_ptp.c of the component Soc. Executing a manipulation can lead to null pointer dereference.
The identification of this vulnerability is CVE-2025-23148. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.