2858620 matches found
IServ Schoolserver User Enumeration
IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...
CVE-2026-11579
The CVE concerns the Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin, affected versions prior to 2.4.17. The vulnerability arises because the plugin does not verify that a file upload is initiated against an existing form configured with a file-upload field. As a result, unauth...
CVE-2026-42936
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2026-13385
creationtimestamp| type| source ---|---|--- 2026-07-15 03:00:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116921756947670961 2026-07-15 03:00:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqnq5cursl2a 2026-07-15 04:04:35+00:00| seen|...
GHSA-F8H2-VMM9-QHJ6 vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
CVE-2026-45591 vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
CVE-2026-47065 vulnerabilities
Vulnerabilities for packages: apache-nifi...
EUVD-2026-44564
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2026-48324
creationtimestamp| type| source ---|---|--- 2026-07-14 22:57:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqncl5chk42x 2026-07-14 23:16:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqndm3tvq72b 2026-07-15 06:00:25+00:00| seen|...
CVE-2026-15753
CVE-2026-15753 affects zhinianboke xianyu-auto-reply on Server; the vulnerability concerns the /api/v1/payment/withdraw/review?action=approve endpoint where manipulation can cause the server to trust HTTP permission methods. The patch 19fc3282a1bb78a05c34945c088525d20e081cbd is referenced as a fi...
CVE-2026-48336
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-50658
creationtimestamp| type| source ---|---|--- 2026-07-14 22:02:42+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:02:14+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review...
CVE-2026-54684
CVE-2026-54684 — jadx (Dex to Java decompiler) Affected versions: 1.5.2 to 1.5.5. The vulnerability arises when processing a malicious .xapk file: XApkLoader resolves each entry name directly with tmpDir.resolve(fileName) after a CWD-based ZIP security check, allowing an attacker to write archive...
CVE-2026-50130
CVE-2026-50130 : Pi-hole on versions 6.0–6.4.2 is vulnerable to local privilege escalation from the unprivileged pihole user to root via replacement of /etc/pihole/logrotate. The attack works because the replacement is laundered to root:root by pihole-FTL-prestart.sh and then parsed as root by th...
CVE-2026-48295
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...
CVE-2026-48354
CVE-2026-48354 concerns CAI Content Credentials and describes an Integer Overflow or Wraparound (CWE-190) that could cause an application denial-of-service. Exploitation does not require user interaction and could crash the application. The available documents confirm the impact (availability los...
CVE-2026-45363
CVE-2026-45363 affects the ruby-jwt gem (Ruby implementation of JWT). Prior to versions 2.10.3 and 3.2.0, JWT.decode(token, '', true, algorithm: 'HS256') can accept attacker-forged tokens because OpenSSL::HMAC.digest('SHA256', '', payload) yields a valid digest with an empty key, and empty-key pa...
CVE-2026-48808
Twig’s CVE-2026-48808 describes a sandbox bypass when sandboxing is enabled via SourcePolicyInterface and the CoreExtension::column() filter is used. The issue arises because the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension...