457894 matches found
HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection
A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours...
CVE-2026-5416
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...
CVE-2026-52715
Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...
CVE-2026-39574
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
CVE-2026-39581
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...
CVE-2026-52712
Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...
CVE-2026-49772
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
CVE-2026-49774
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
EUVD-2026-37057
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
CVE-2026-49772
CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...
CVE-2026-49772 WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
EUVD-2026-37056
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
CVE-2026-49774 WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
CVE-2026-49774
CVE-2026-49774 describes an "Improper Control of Generation of Code (Code Injection)" vulnerability in the WordPress RD Station plugin
EUVD-2026-37051
Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...
CVE-2026-52715
GEO my WordPress plugin (WordPress)
CVE-2026-52715 WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...
CVE-2026-52712 WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability
Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...
EUVD-2026-37049
Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...