Lucene search

1395 matches found

NVD
added 4 days ago | 4 views

CVE-2026-46733

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

CVSS 7.8 | EPSS 0.00101
Exploits: 0 | References: 1

EUVD
added 4 days ago | 4 views

EUVD-2026-39410

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

CVSS 7.8 | AI score 5.9 | EPSS 0.00693
Exploits: 0 | References: 1

EUVD
added 4 days ago | 6 views

EUVD-2026-39355

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

CVSS 7.3 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 1

Positive Technologies
added 4 days ago | 8 views

PT-2026-52444

Name of the Vulnerable Software and Affected Versions: Dell Display and Peripheral Manager DDPM Mac versions prior to 2.3
Description: An OS Command Injection issue exists where special elements used in an OS command are not properly neutralized. This allows a low privileged attacker with local...

CVSS 7.8 | AI score 6.1 | EPSS 0.00693
Exploits: 0 | References: 4

Cvelist
added 2026/06/19 1:11 p.m. | 30 views

CVE-2026-44087 Apache APISIX: Openid-connect plugin Identity Header Spoofing

Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers, allowing the attacker to get unauthorized access to the protected resources. This issue affect...

CVSS 5.3 | EPSS 0.00213
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in advancecomp

It was discovered that Advancecomp v2.3 contains a heap buffer overflow vulnerability...

CVSS 5.5 | AI score 5.9 | EPSS 0.00448
Exploits: 1 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in advancecomp

It was discovered that Advancecomp v2.3 contains a segmentation fault...

CVSS 5.5 | AI score 5.6 | EPSS 0.00427
Exploits: 1 | References: 1

Positive Technologies
added 2026/06/19 12:0 a.m. | 10 views

PT-2026-50884

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 2.3 through 3.16.0
Description: The openid-connect plugin under default configuration contains an issue where insufficient verification of data authenticity allows an attacker to spoof identity headers. This can lead to...

CVSS 9.1 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | References: 7

Cvelist
added 2026/06/15 8:19 p.m. | 26 views

CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Amelia <= 2.3 versions...

CVSS 8.8 | EPSS 0.00378
Exploits: 0 | References: 1

CVE
added 2026/06/15 8:19 p.m. | 24 views

CVE-2026-48889

The CVE-2026-48889 entry concerns the WordPress Amelia plugin (versions <= 2.3) with a privilege escalation vulnerability affecting subscribers. The attached metrics indicate a high severity (CVSS v3.1 base score 8.8) with network attack vector, low attack complexity, and privileges required a...

CVSS 8.8 | AI score 5.2 | EPSS 0.00378
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/08 2:12 p.m. | 7 views

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Origin Validation Error vulnerability in ninenines gun gun_http2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an incoming PUSH_PROMISE frame is stored verbatim into the promised stream...

CVSS 6.3 | AI score 5.7 | EPSS 0.00215
Exploits: 0 | References: 3

Patchstack
added 2026/06/02 2:3 p.m. | 16 views

WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by dodoh4t in WordPress Plugin Amelia versions <= 2.3...

CVSS 8.8 | AI score 5.8 | EPSS 0.00378
Exploits: 0 | Affected Software: 1

CVE
added 2026/05/30 2:55 p.m. | 19 views

CVE-2018-25421

Open STA Manager 2.3 is affected by a path traversal vulnerability that lets authenticated users download arbitrary files by calling modules/backup/actions.php?op=getfile and traversing with ../ sequences to access sensitive system files. Affected component is the Open STA Manager implementation;...

CVSS 7.1 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 4

CNNVD
added 2026/05/30 12:0 a.m. | 9 views

Open STA Manager Path Traversal Vulnerability

Open STA Manager is an enterprise service management system developed by the Italian company Open STA Manager. Version 2.3 of Open STA Manager contains a path traversal vulnerability. This vulnerability arises from operations using the file parameter, which may allow authenticated users to downlo...

CVSS 7.1 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 4

The Hacker News
added 2026/05/23 7:35 a.m. | 20 views

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts...

CVSS 10 | AI score 6.1 | EPSS 0.18914
Exploits: 1

Positive Technologies
added 2026/05/21 12:0 a.m. | 9 views

PT-2026-42570

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.x
Description: Cross Site Request Forgery (CSRF) occurs at the 'concrete/controllers/dialog/event/duplicate' endpoint. CSRF is a flaw that allows an attacker to trick a victim into performing actions they d...

CVSS 2.3 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 3

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - Vulnerability in advancecomp

It was discovered that Advancecomp v2.3 contains a heap buffer overflow issue due to the __interceptor_memcpy component at /sanitizer_common/sanitizer_common_interceptors.inc...

CVSS 5.5 | AI score 6.2 | EPSS 0.00448
Exploits: 1 | References: 1

EUVD
added 2026/04/30 9:28 p.m. | 5 views

EUVD-2025-209603

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

CVSS 5.3 | AI score 5.2 | EPSS 0.00186
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/26 1:30 p.m. | 5 views

CVE-2026-7044 GreenCMS index.php themeadd unrestricted upload

A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only...

CVSS 6.5 | AI score 6.2 | EPSS 0.00201
Exploits: 0 | References: 4

Cvelist
added 2026/04/26 1:15 p.m. | 35 views

CVE-2026-7043 GreenCMS index.php pluginAddLocal unrestricted upload

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

CVSS 6.5 | EPSS 0.00201
Exploits: 0 | References: 4