6422 matches found

OSV
added 2026/02/19 7:35 p.m., 5 views

CVE-2026-26267 rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide

soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the contractimpl macro contains a bug in how it wires up function calls. contractimpl generates code that uses MyContract::value style calls even when it's processing the trait version. This means if a...

CVSS 7.5, AI score 5.7, EPSS 0.00317
Exploits 1, References 7

RedhatCVE
added 2026/02/19 7:21 p.m., 8 views

CVE-2025-69287

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

CVSS 5.4, AI score 5.7, EPSS 0.00286
Exploits 0, References 1

NVD
added 2026/02/19 9:16 a.m., 6 views

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2...

CVSS 4.3, EPSS 0.00185
Exploits 0, References 1

ATTACKERKB
added 2026/02/19 8:27 a.m., 3 views

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2...

AI score 5.5, EPSS 0.00185
Exploits 0, References 2

Vulnrichment
added 2026/02/19 8:27 a.m., 4 views

CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2...

CVSS 4.3, AI score 5.5, EPSS 0.00185
Exploits 0, References 1

Cvelist
added 2026/02/19 8:27 a.m., 28 views

CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2...

CVSS 4.3, EPSS 0.00185
Exploits 0, References 1

CVE
added 2026/02/19 8:27 a.m., 13 views

CVE-2026-25416

CVE-2026-25416 is a Missing Authorization (Broken Access Control) vulnerability in WordPress plugin News Kit Addons for Elementor (News Kit Elementor Addons) <= 1.4.2. Affected component is the Elementor Addons News Kit plugin; root cause is incorrectly configured access control. CVSS 3.1 base...

CVSS 4.3, AI score 5.4, EPSS 0.00185
Exploits 0, References 1

Positive Technologies
added 2026/02/19 12:0 a.m., 7 views

PT-2026-20982

Name of the Vulnerable Software and Affected Versions: Leafkit versions prior to 1.4.1. Description: Leafkit’s htmlEscaped function inadequately escapes HTML special characters when dealing with extended grapheme clusters. This occurs because the function only escapes characters if the extended...

CVSS 6.1, AI score 5.6, EPSS 0.0023
Exploits 1, References 9

GitLab Advisory Database
added 2026/02/19 12:0 a.m., 10 views

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead ...

CVSS 6.1, AI score 5.5, EPSS 0.0023
Exploits 1, References 5, Affected Software 1

CNNVD
added 2026/02/19 12:0 a.m., 6 views

WordPress plugin News Kit Elementor Addons security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 4.3, AI score 5.8, EPSS 0.00185
Exploits 0, References 1

Tenable Nessus
added 2026/02/19 12:0 a.m., 7 views

Photon OS 4.0: Openjdk11 PHSA-2026-4.0-0961

An update of the openjdk11 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0961. The text itself is copyright (C) VMware, Inc...

CVSS 7.5, AI score 6.1, EPSS 0.17673
Exploits 3, References 84

GitLab Advisory Database
added 2026/02/19 12:0 a.m., 3 views

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead ...

CVSS 6.1, AI score 5.8, EPSS 0.0023
Exploits 1, References 4, Affected Software 1

Positive Technologies
added 2026/02/19 12:0 a.m., 8 views

PT-2026-20739

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2...

AI score 5.5, EPSS 0.00185
Exploits 0, References 1

Oracle Linux
added 2026/02/19 12:0 a.m., 19 views

java-11-openjdk security update

1:11.0.31.0.1-1.0.1 - Update to jdk-11.0.31+1 Orabug: 38950473 - Fixes CVE-2025-64720 CVE-2025-65018 CVE-2026-21925 - CVE-2026-21933 CVE-2026-21945...

CVSS 7.5, AI score 5.5, EPSS 0.00547
Exploits 6

NVD
added 2026/02/18 6:16 a.m., 8 views

CVE-2026-1368

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key...

CVSS 7.5, EPSS 0.01211
Exploits 0, References 1

CNNVD
added 2026/02/18 12:0 a.m., 8 views

BSV SDK security vulnerability

The BSV SDK is an open-source developer toolkit for BSV Blockchain. Versions of the BSV SDK prior to 2.0.0 contained security vulnerabilities. These vulnerabilities stemmed from errors in the signature data preparation process within the BRC-104 authentication mechanism, which could lead to...

CVSS 5.4, AI score 5.8, EPSS 0.00286
Exploits 0, References 2

Tenable Nessus
added 2026/02/18 12:0 a.m., 10 views

WordPress Plugin 'LA Studio Element Kit for Elementor' < 1.6.0 Unauthenticated Privilege Escalation via Backdoor

The WordPress application running on the remote host has a version of the 'LA Studio Element Kit for Elementor' plugin that is prior to 1.6.0. It is, therefore, affected by an unauthenticated privilege escalation vulnerability. The plugin contains a backdoor that allows unauthenticated attackers ...

CVSS 9.8, AI score 5.9, EPSS 0.01078
Exploits 5, References 3

CVE
added 2026/02/17 7:52 p.m., 17 views

CVE-2025-27898

CVE-2025-27898 affects IBM DB2 Recovery Expert for LUW, version 5.5 Interim Fix 002. The issue is that sessions are not invalidated after a timeout, which could allow an authenticated user to impersonate another user on the system. Root cause is a lack of session invalidation after inactivity. Im...

CVSS 6.3, AI score 5.5, EPSS 0.00154
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/02/17 7:52 p.m., 32 views

CVE-2025-27898 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3, EPSS 0.00154
Exploits 0, References 1

CVE
added 2026/02/17 7:48 p.m., 15 views

CVE-2025-27900

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 is affected by an open redirect vulnerability that could allow a remote attacker to perform phishing by spoofing the URL and redirecting users to a malicious site. Affected component: DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Underlying i...

CVSS 6.8, AI score 5.5, EPSS 0.00137
Exploits 0, References 1, Affected Software 1