560 matches found
CVE-2026-9731
The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2026-9731 Wp Js Detect <= 1.0.9 - Cross-Site Request Forgery to Plugin Settings Update
The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...
WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection
The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection via request parameters in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
EUVD-2026-37643
Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...
EUVD-2024-55628
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
CVE-2026-54807
Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...
CVE-2026-39529
Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...
CVE-2024-52488
CVE-2024-52488 affects WordPress Grip theme (versions ≤ 1.0.9). The issue is an Arbitrary Plugin Activation/Deactivation vulnerability leading to RCE, requiring Subscriber privileges. Patch status is not clearly available in the provided docs; Patchstack indicates high risk with a potential explo...
CVE-2024-52488 WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
CVE-2026-39529 WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...
CVE-2026-39529
The CVE identifies an unauthenticated PHP Object Injection in WordPress Elementra theme
EUVD-2026-36796
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...
CVE-2026-42761
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...
EUVD-2024-55607
Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...
CVE-2024-14036 Dräger Core 1.0.5 Denial of Service via Malformed SDC Message
Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...
WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.9...
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...
CVE-2026-42250
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...
EUVD-2026-32898
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...