35998 matches found
EUVD-2026-45096
OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...
EUVD-2026-44925
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...
Leantime < 2.4 - Authenticated SQL Injection
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
Broadstreet WordPress plugin - Reflected XSS
Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...
Joomla! Component Property - Local File Inclusion
A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...
EUVD-2026-44862
Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy...
CVE-2026-15921
Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...
CVE-2026-53514 Better Auth: Unauthorized invitation acceptance via unverified email match in organization plugin
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...
CVE-2026-48805
A flaw was found in Twig, a template language for PHP. Deprecated internal wrappers in the src/Resources/core.php file do not correctly forward the sandbox state. This allows legacy function calls, such as twigarraysome, to bypass security restrictions imposed by the sandbox. An attacker could...
CVE-2026-58559
DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-58559
CVE-2026-58559 describes a DoS vulnerability in the vibration service. According to the sources, the vulnerability impacts availability and has a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (base score 6.5, MEDIUM). The attack is described as NETWORK-based with LOW complexity and requ...
EUVD-2026-44665
DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-58558
Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-44664
Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-58556
Technical details (affected product/version/root cause/remediation) are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-44663
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-58556
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability...
EUVD-2026-44660
Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability...