219598 matches found
CVE-2026-45443 WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...
CVE-2026-45443
Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...
CVE-2026-45443
CVE-2026-45443 affects the WordPress plugin PDF for Elementor Forms + Drag And Drop Template Builder (versions
EUVD-2026-31096
Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...
WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 5.5.1...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.12 Security Update
New Red Hat build of Keycloak 26.4.12 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.12 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...
keycloak: org.keycloak.authorization: Keycloak: Information disclosure via broken access control in user lookup endpoint
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...
CVE-2026-0856
Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...
CVE-2026-0856
The CVE-2026-0856 entry concerns an Improper Access Control vulnerability in the Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component. A normal user can gain access to the admin panel due to weaknesses in authorization guards affecting the Client Launcher (up to 19.06.20...
EUVD-2026-31093
Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...
CVE-2026-0856
Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...
CVE-2026-0856
Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...
CVE-2026-0856
Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...
Malicious code in nolimit-x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92a244ab5171edadc3082bc97d5b0834c4cfe98f2e5b6437503a30a7c1ac38aa nolimit-x ships an entirely obfuscator.io-packed runtime 45 files under.ad/, including the x0.js entrypoint with no readable source, and...
MAL-2026-4621 Malicious code in nolimit-x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92a244ab5171edadc3082bc97d5b0834c4cfe98f2e5b6437503a30a7c1ac38aa nolimit-x ships an entirely obfuscator.io-packed runtime 45 files under.ad/, including the x0.js entrypoint with no readable source, and...
Malicious code in pinno-loggers (npm)
pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...
CLSA-2026-1779265764 giflib: Fix of CVE-2026-26740
CVE-2026-26740: fix heap OOB write when rewriting truncated GCE in EGifGCBToSavedExtension...
CVE-2026-45038
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233...
kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel
A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...
Malicious code in ts-logger-pack (npm)
ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...