58 matches found
CVE-2026-34267 affecting package mysql for versions less than 8.0.46-1
CVE-2026-34267 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-34303 affecting package mysql for versions less than 8.0.46-1
CVE-2026-34303 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-22004 affecting package mysql for versions less than 8.0.46-1
CVE-2026-22004 affecting package mysql for versions less than 8.0.46-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-58190 affecting package cf-cli for versions less than 8.7.11-5
CVE-2025-58190 affecting package cf-cli for versions less than 8.7.11-5. A patched version of the package is available...
CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27
CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27. A patched version of the package is available...
CVE-2026-1317
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2026-1317
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...
CVE-2026-21964 affecting package mysql for versions less than 8.0.45-1
CVE-2026-21964 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-21937 affecting package mysql for versions less than 8.0.45-1
CVE-2026-21937 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-21941 affecting package mysql for versions less than 8.0.45-1
CVE-2026-21941 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-21948 affecting package mysql for versions less than 8.0.45-1
CVE-2026-21948 affecting package mysql for versions less than 8.0.45-1. An upgraded version of the package is available that resolves this issue...
WordPress WP eStore plugin < 8.5.5 - Reflected XSS in Customer Editing vulnerability
Reflected XSS in Customer Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
EUVD-2026-3148
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection XXE in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection XXE in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
CVE-2025-14478
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection XXE in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...
CVE-2025-14177 affecting package php for versions less than 8.3.29-1
CVE-2025-14177 affecting package php for versions less than 8.3.29-1. A patched version of the package is available...
Exploit for Improperly Implemented Security Check for Standard in Fortinet Fortiproxy
watchTowr-vs-Fortiweb-AuthBypass Detection Artifact Generator...