886 matches found
EUVD-2026-44647
Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...
WordPress MailerPress plugin <= 2.0.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by anhcd05 in WordPress Plugin MailerPress versions = 2.0.2...
CVE-2026-57757
Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...
CVE-2026-57757 WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...
PT-2026-55045
Name of the Vulnerable Software and Affected Versions pCloud WP Backup versions prior to 2.0.3 Description An unauthenticated Cross Site Request Forgery CSRF issue exists in the pCloud WP Backup plugin. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not...
CVE-2026-8403
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it...
CVE-2026-8402
CVE-2026-8402 describes an SQL injection vulnerability in Eksagate’s SYSGUARD 6001, specifically a blind SQL injection due to improper neutralization of special elements in SQL commands. Affected versions are 2.0.2 up to but not including 6.1.16.0. The vendor reportedly states the product is not ...
PT-2026-48404
Name of the Vulnerable Software and Affected Versions image-size versions prior to 2.0.3 Description A denial of service issue exists where remote attackers can permanently block the Node.js event loop by providing a specially crafted ICNS image buffer. By supplying an ICNS buffer with valid magi...
CVE-2026-49328
Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...
CVE-2026-6508
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...
CVE-2026-20879
Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...
CVE-2026-49328 Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF
Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...
PT-2026-45399
Name of the Vulnerable Software and Affected Versions Apache Fesod Incubating fesod-sheet versions prior to 2.0.2-incubating Description Server-Side Request Forgery SSRF in the UrlImageConverter component allows attackers to trigger outbound network requests to internal or restricted resources by...
CVE-2026-8679
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...
EUVD-2026-31421
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...
CVE-2026-8679
The AudioIgniter WordPress plugin (up to v2.0.2) is affected by an Insecure Direct Object Reference. The handle_playlist_endpoint() function, mounted on template_redirect, accepts a user-controlled playlist ID via the audioigniter_playlist_id query var or the /audioigniter/playlist/{id}/ rewrite,...
CVE-2026-8679
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...
CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...
CVE-2026-6871
CVE-2026-6871 concerns the Drupal Obfuscate module. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation. Affected versions are from 0.0.0 up to, but not including, 2.0.2. The root cause is insufficient sanitization when obfuscated emails are pro...
CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...