63 matches found

VulnCheck KEV
added 2026/05/25 12:0 a.m., 17 views

VulnCheck KEV: CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

CVSS 9.1, AI score 6.5, EPSS 0.0007
In wild, Exploits 0, References 2

Circl
added 2026/04/16 6:4 p.m., 1 view

CVE-2026-5426

creationtimestamp | type | source
---|---|---
2026-04-16 18:04:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjmymffdvg2t
2026-04-17 00:00:41+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116417104416675988
2026-04-17 00:00:42+00:00 | seen |...

CVSS 9.1, AI score 6, EPSS 0.0007
Exploits 0, References 22

OSV
added 2025/09/21 2:51 p.m., 1 view

MINI-R87V-5426-7Q35

Bulletin has no description...

CVSS 7.5, AI score 6.6, EPSS 0.0009
Exploits 0

OSV
added 2025/06/02 3:15 a.m., 1 view

CVE-2025-5426

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The...

CVSS 5.3, AI score 7
Exploits 0, References 4

CVE
added 2025/06/02 3:0 a.m., 44 views

CVE-2025-5426

Juzaweb CMS up to version 3.4.2 contains a vulnerability in the Menu Page component, specifically an issue with improper access controls on the file /admin-cp/menus. The documented impact is remote exploitation with an attacker able to manipulate access controls, enabling unauthorized actions. Mu...

CVSS 6.5, AI score 6.8, EPSS 0.002
Exploits 1, References 4, Affected Software 1

RedhatCVE
added 2025/05/23 5:6 a.m., 5 views

CVE-2023-5426

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for...

CVSS 7.5, AI score 6.8, EPSS 0.00193
Exploits 0, References 1

OSV
added 2024/10/31 12:7 p.m., 8 views

CGA-CM3W-5426-XG9M

Bulletin has no description...

CVSS 9.8, AI score 8.9, EPSS 0.00533
Exploits 0

Cvelist
added 2024/06/07 9:33 a.m., 26 views

CVE-2024-5426 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.0036
Exploits 0, References 4

Patchstack
added 2024/06/07 12:0 a.m., 9 views

WordPress Photo Gallery by 10Web Plugin <= 1.8.23 is vulnerable to Cross Site Scripting (XSS)

Software: Photo Gallery by 10Web; Type: Plugin; Vulnerable versions: <= 1.8.23; Fixed in: 1.8.24; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5426; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 5c5bb3f62973; Credits: Tobias Weißhaar...

CVSS 6.4, AI score 5.8, EPSS 0.0036
Exploits 0, References 3, Affected Software 1

OSV
added 2024/06/06 12:26 p.m., 11 views

CGA-V9HM-5426-VRFX

Bulletin has no description...

CVSS 5.9, AI score 6.7, EPSS 0.54214
Exploits 3

Circl
added 2023/10/28 4:17 p.m., 0 views

CVE-2023-5426

creationtimestamp | type | source
---|---|---
2023-10-28 16:17:49+00:00 | seen | https://t.me/cibsecurity/73106...

CVSS 7.5, AI score 7.2, EPSS 0.00193
Exploits 0, References 1

NVD
added 2023/10/28 12:15 p.m., 8 views

CVE-2023-5426

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for...

CVSS 7.5, AI score 7.4, EPSS 0.00193
Exploits 0, References 2

CVE
added 2023/10/28 11:6 a.m., 50 views

CVE-2023-5426

CVE-2023-5426 affects the WordPress plugin Post Meta Data Manager (versions ≤ 1.2.0). A missing capability check in functions pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta allows unauthenticated attackers to delete user, term, and post meta belonging to arbitrar...

CVSS 7.5, AI score 7.5, EPSS 0.00193
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/10/27 12:0 a.m., 16 views

WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software: Post Meta Data Manager; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: 1.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-5426; Patch priority: Medium; CVSS severity: Medium (7.5); Developer: Claim ownership; PSID: a003d34ca1b2; Credits: Francesco Carlucc...

CVSS 7.5, AI score 6.5, EPSS 0.00193
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2023/06/14 12:0 a.m., 21 views

Debian DSA-5426-1 : owslib - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5426 advisory. - OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML...

CVSS 8.2, AI score 7.7, EPSS 0.00168
Exploits 0, References 6

OpenVAS
added 2023/03/08 12:0 a.m., 18 views

Debian: Security Advisory (DLA-627-1)

The remote host is missing an update for the Debian...

CVSS 7.5, AI score 7.2, EPSS 0.85547
Exploits 0, References 3

SUSE CVE
added 2023/02/15 5:0 a.m., 3 views

SUSE CVE-2016-5426

PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname...

CVSS 7.5, AI score 6.8, EPSS 0.3697
Exploits 0, References 3

SUSE CVE
added 2023/02/15 4:50 a.m., 2 views

SUSE CVE-2017-5426

On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter, which is typically weak compared to the sandbox. Note:...

CVSS 5.3, AI score 6.3, EPSS 0.00304
Exploits 0, References 6

IBM Security Bulletins
added 2022/09/25 11:9 p.m., 18 views

Security Bulletin: Session Fixation Vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-5426)

Abstract: An unspecified vulnerability in IBM InfoSphere Master Data Management – Collaborative Edition might allow an attacker to gain unauthorized access to a user's session. An attacker with access to a user's open browser before the user authenticates with the IBM InfoSphere Master Data...

CVSS 4.9, AI score 6, EPSS 0.00118
Exploits 0, Affected Software 2

Tenable Nessus
added 2022/05/17 12:0 a.m., 31 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : needrestart vulnerability (USN-5426-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5426-1 advisory. Jakub Wilk discovered that needrestart incorrectly used some regular expressions. A local attacker could possibly use this issue to execut...

CVSS 7.8, AI score 7.8, EPSS 0.00051
Exploits 2, References 2