219073 matches found
GHSA-HVCG-QMG6-JM4C Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...
CVE-2026-49775 WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...
CVE-2026-49775
CVE-2026-49775 affects WordPress Welcart e-Commerce plugin versions
CVE-2026-49070 WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...
CVE-2026-49070 WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...
EUVD-2026-36876
Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...
CVE-2026-49070
CVE-2026-49070 affects the WordPress Knit Pay plugin (versions
CVE-2026-49065 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...
CVE-2026-49065 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...
CVE-2026-49065
The CVE applies to WordPress Hippoo Mobile App for WooCommerce plugin versions
EUVD-2026-36861
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48887 WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48887 WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48883 WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
EUVD-2026-36858
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
CVE-2026-48883 WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
CVE-2026-48883
CVE-2026-48883 concerns the WordPress plugin WPC Product Bundles for WooCommerce (versions <= 8.5.3) with an Unauthenticated Broken Access Control vulnerability. The available references indicate unauthenticated access to restricted functionality, with CVSS 3.1 base score 7.5 (HIGH) and impact...
CVE-2026-48881 WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in TrueBooker = 1.1.9 versions...
CVE-2026-48881
Summary: CVE-2026-48881 affects the WordPress TrueBooker plugin (