CVE

Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin <= 2.1.6 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.

Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions.

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström WP-Cache.Com plugin <= 1.1.1 versions.