Lucene search
+L

2464 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-15407

The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS0.00288EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 5 days ago5 views

xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow

A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...

8.5CVSS6.5AI score0.00212EPSS
Exploits0References4
NVD
NVD
added 2026/07/09 10:16 a.m.17 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/09 8:31 a.m.7 views

EUVD-2026-42549

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 8:31 a.m.8 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References4
CVE
CVE
added 2026/07/09 8:31 a.m.21 views

CVE-2026-15158

Blocksy Companion

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.9 views

PT-2026-56760

Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.47 Description The Blocksy Companion plugin for WordPress allows unauthenticated arbitrary file upload through the save attachments function. The issue occurs because the Custom Fonts extension uses a wp...

9.8CVSS6.3AI score0.00995EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.4 views

SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2026:2792-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2792-1 advisory. This update for xorg-x11-server fixes the following issue - CVE-2026-55999: missing bounds check in glamorfontget can lead to a heap buffer overflow wh...

8.5CVSS6.3AI score0.00212EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 7:1 p.m.4 views

CVE-2026-56001

A flaw was found in libXfont2. In the BitmapScaleBitmaps function, an integer overflow can occur when calculating the memory needed for font glyphs. This overflow leads to a heap buffer overflow, where a smaller-than-required memory buffer is allocated. A local attacker can exploit this by loadin...

8.8CVSS6.6AI score0.0038EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 2:17 p.m.12 views

CVE-2026-58480

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS0.00605EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 1:5 p.m.5 views

EUVD-2026-42233

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS6.4AI score0.00605EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 9:16 a.m.3 views

UBUNTU-CVE-2026-55999

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks...

8.5CVSS6.2AI score0.00212EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/08 8:7 a.m.6 views

CVE-2026-55999

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks...

8.5CVSS6.2AI score0.00212EPSS
Exploits0
OSV
OSV
added 2026/07/08 8:7 a.m.4 views

CVE-2026-55999 xorg-server / xwayland glamor font atlas Heap Buffer Overflow

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks...

8.5CVSS6.2AI score0.00212EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 8:7 a.m.35 views

CVE-2026-55999 xorg-server / xwayland glamor font atlas Heap Buffer Overflow

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks...

8.5CVSS0.00212EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 8:7 a.m.9 views

EUVD-2026-42188

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks...

8.5CVSS6.2AI score0.00212EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/08 8:7 a.m.10 views

CVE-2026-55999

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks...

8.5CVSS6.2AI score0.00212EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56414

Name of the Vulnerable Software and Affected Versions Blocksy Companion Pro plugin for WordPress versions prior to 2.1.47 Description An unauthenticated arbitrary file upload issue exists within the Advanced Reviews feature. The save attachments function fails to properly validate file extensions...

9.8CVSS6.3AI score0.00605EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:34 p.m.15 views

Malicious code in nuxt-fonts-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6ede5024b6ee71356eedb3dfb3bb648682901bf6b966bbe353daff6082ecc85 Package ships only a package.json and a readme; there is no main entry, no bin, no scripts, no dependencies, and no executable code. The readme...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:34 p.m.9 views

MAL-2026-6937 Malicious code in nuxt-fonts-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6ede5024b6ee71356eedb3dfb3bb648682901bf6b966bbe353daff6082ecc85 Package ships only a package.json and a readme; there is no main entry, no bin, no scripts, no dependencies, and no executable code. The readme...

6.2AI score
Exploits0References2
Rows per page
Query Builder