246 matches found
EUVD-2026-41469
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
EUVD-2026-41271
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...
CVE-2026-8480
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...
EUVD-2026-40107
Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...
CVE-2025-68063 WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...
CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter
The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-30803
RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...
EUVD-2026-36955
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
PT-2026-49394
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
CVE-2026-45154
Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...
PT-2026-45470
Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...
CVE-2026-42735
The CVE concerns the WordPress KiviCare plugin by Iqonic Design (affected: KiviCare kivicare-clinic-management-system, plugin version
SUSE CVE-2026-7737
A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...
Linux Distros Unpatched Vulnerability : CVE-2026-45232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows netwo...
EUVD-2026-29439
multiparty vulnerable to ReDoS via filename parsing...
EUVD-2026-29441
multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing...
GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...
multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property e.g., proto, constructor, toString, the parser invokes .push on the inherited...
CLEANSTART-2026-AN27706 Security fixes for CVE-2026-22815, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-33175, CVE-2026-34052, CVE-2026-34073, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-44431, CVE-2026-44432, ghsa-752w-5fwx-jx9f, ghsa-78cv-mqj4-43f7, ghsa-gc5v-m9x4-r6x2, ghsa-jr27-m4p2-rc6r, ghsa-m959-cc7f-wv43, ghsa-qjxf-f2mg-c6mc applied in versions: 4.3.2-r0, 4.3.2-r1, 4.3.2-r2, 4.3.2-r3
Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...