32018 matches found
CVE-2026-33055 affecting package rust for versions less than 1.90.0-7
CVE-2026-33055 affecting package rust for versions less than 1.90.0-7. A patched version of the package is available...
CVE-2026-39811
A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via...
capstone security update
5.0.1-7 - Fix CVE-2025-67873 heap buffer overflow Resolves: RHEL-141551 - Fix CVE-2025-68114 memory corruption Resolves: RHEL-137747...
WordPress plugin Accept PayPal Payments using Contact Form 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
PT-2026-31179
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through = 2.3.6...
Oracle Linux 7 : libvpx (ELSA-2026-5320)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5320 advisory. - Fixes heap buffer overflow in libvpx CVE-2026-2447 Orabug: 39112729 Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2026-25541 affecting package netavark for versions less than 1.10.3-7
CVE-2026-25541 affecting package netavark for versions less than 1.10.3-7. A patched version of the package is available...
airflow-aggua-plugin (>=1.0.7 <=1.0.8), airflow-clickhouse-plugin (>=0.5.1 <=0.5.7.post1) +108 more potentially affected by CVE-2026-32794 via apache-airflow (>=1.10.1 <=1.10.7)
apache-airflow PYPI version =1.10.1, =1.0.7, =0.5.1, =0.1.0, =0.1.1, =0.0.7, =1.0.1, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.2.1, =2020.5.20rc1, =2021.2.5, =2021.3.13rc1 and more Source cves: CVE-2026-32794 Source advisory: OSV:GHSA-WRPJ-755P-X363...
Information Exposure
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the verifyPassword endpoint. An attacker can obtain sensitive authentication data, such as MFA TOTP...
4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33940 via handlebars (>=4.0.0 <=4.7.8)
handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33940 Source advisory: OSV:GHSA-XHPV-HC6G-R9C6...
CVE-2026-0748
In the Drupal 7 Internationalization i18n module, the i18nnode submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...
CVE-2026-32527 WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable...
WordPress plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be integrated...
WordPress plugin Spam Protect for Contact Form 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Andrea Bocchetti in WordPress Plugin Spam Protect for Contact Form 7 versions = 1.2.9...
CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...
Oracle Linux 7 : python-pyasn1 (ELSA-2026-4148)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-4148 advisory. 0.1.9-7.0.1 - Fixes CVE-2026-23490 fixes potential memory exhaustion Orabug: 39060516 Tenable has extracted the preceding description block directly from the...
@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +399 more potentially affected by CVE-2026-1526 via undici (>=7.0.0-alpha.3 <=7.22.0)
undici NPM version =7.0.0-alpha.3, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.1, =0.0.2, =0.1.0, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =0.5.0, =1.0.1, =2.8.7 and more Source cves: CVE-2026-1526 Source advisory: SNYK:JS-UNDICI-15518068...
CVE-2025-12690
Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10...
Ubuntu: Security Advisory (USN-8060-7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...