CVE-2026-11409
The CVE-2026-11409 entry concerns an authenticated OS command injection in the IPv6 PPPoE configuration handler of TL-WR940N v6. The vulnerability arises from improper sanitization of user input, allowing an authenticated attacker with administrative access to execute arbitrary system commands wi...
CVE-2026-11410 OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N
An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...
CVE-2026-11410
The CVE-2026-11410 entry concerns TL-WR940N v6 (BigPond Cable BPA WAN config) with an authenticated OS command injection caused by improper input sanitization in the configuration module. An administrator can trigger arbitrary command execution with elevated privileges on the device via the BPA W...
GHSA-7CX2-G3H9-382P Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server
Summary: Three backward-compatible hardening fixes in the Docker API server. The headline issue is an arbitrary file write via the screenshot/PDF outputpath. 1. Arbitrary file write via outputpath symlink / TOCTOU (primary): POST /screenshot and POST /pdf accept an outputpath constrained to...
CVE-2026-49080
CVE-2026-49080: Unauthenticated SQL Injection affecting the WordPress plugin wpDataTables, version
CVE-2026-49080 WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions...
CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions...
CVE-2026-40761
WordPress Theme Valeska <= 1.2.2 is affected by an unauthenticated PHP Object Injection vulnerability. Affected component: Valeska theme (WordPress). Root cause: PHP object injection in versions
CVE-2026-40760 WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Behold <= 1.5 versions...
CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions...
CVE-2026-40759
CVE-2026-40759 affects WordPress Esmée theme versions
CVE-2026-40760
WordPress Behold theme
CVE-2026-40758 WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions...
CVE-2026-40758
The CVE concerns WordPress Léonie theme versions
CVE-2026-40754 WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions...
CVE-2026-40754
CVE-2026-40754 concerns the WordPress Roisin theme (versions <= 1.4) with unauthenticated PHP Object Injection. Public references describe an object-injection vulnerability in Roisin
CVE-2026-40755
CVE-2026-40755 affects WordPress TechLink theme versions
CVE-2026-40755 WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions...
CVE-2026-40751 WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions...
CVE-2026-40751
CVE-2026-40751 affects WordPress Theme Ashtanga versions