66 matches found
CVE-2026-8705
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
EUVD-2026-38672
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
CVE-2026-8705 ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
PT-2026-51686
Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...
CVE-2026-20260
In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...
CVE-2026-6276 affecting package curl for versions less than 8.11.1-7
CVE-2026-6276 affecting package curl for versions less than 8.11.1-7. A patched version of the package is available...
CVE-2026-23631 affecting package valkey for versions less than 8.0.9-1
CVE-2026-23631 affecting package valkey for versions less than 8.0.9-1. A patched version of the package is available...
CVE-2026-25243 affecting package valkey for versions less than 8.0.9-1
CVE-2026-25243 affecting package valkey for versions less than 8.0.9-1. A patched version of the package is available...
CVE-2026-22004 affecting package mysql for versions less than 8.0.46-1
CVE-2026-22004 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-34303 affecting package mysql for versions less than 8.0.46-1
CVE-2026-34303 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-34267 affecting package mysql for versions less than 8.0.46-1
CVE-2026-34267 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-58190 affecting package cf-cli for versions less than 8.7.11-5
CVE-2025-58190 affecting package cf-cli for versions less than 8.7.11-5. A patched version of the package is available...
CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27
CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27. A patched version of the package is available...
CVE-2026-1317
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2026-1317
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2026-21964 affecting package mysql for versions less than 8.0.45-1
CVE-2026-21964 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-21937 affecting package mysql for versions less than 8.0.45-1
CVE-2026-21937 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-21948 affecting package mysql for versions less than 8.0.45-1
CVE-2026-21948 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...