
8400 matches found

EUVD
added 5 hours ago, 5 views

EUVD-2026-39646

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

CVSS 5.8, AI score 5.8
Exploits 0, References 1
Nuclei
added 13 hours ago, 105 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting vulnerability caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page. Exploitation requires the victim to visit ...

CVSS 6.1, AI score 6.4, EPSS 0.04055
Exploits 1, References 2
Nuclei
added 13 hours ago, 20 views

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

CVSS 7.2, AI score 5.8, EPSS 0.01833
Exploits 1, References 2
Nuclei
added 13 hours ago, 16 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in the install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser. Exploitation requires the victim to visit a maliciously crafted URL. id: CVE-2017-6478 info: name: MaNGOSWebV4...

CVSS 6.1, AI score 6.6, EPSS 0.02574
Exploits 6, References 4
Cvelist
added yesterday, 9 views

CVE-2026-9222 Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication

Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

CVSS 9.2
Exploits 0, References 1
CVE
added yesterday, 8 views

CVE-2026-50573

CVE-2026-50573 affects the pnpm package manager. Before versions 10.34.0 and 11.4.0, when running pnpm install in non-frozen mode, a package with an existing lockfile integrity can be updated if the registry serves different metadata/tarball content for the same package version. The initial integ...

CVSS 6.8, AI score 5.9, EPSS 0.00017
Exploits 0, References 1
NVD
added yesterday, 3 views

CVE-2026-46732

Dell Display and Peripheral Manager (DDPM) Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

CVSS 6.7
Exploits 0, References 1
Cvelist
added yesterday, 23 views

CVE-2026-56071 WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions...

CVSS 7.1
Exploits 0, References 1
CVE
added yesterday, 12 views

CVE-2026-54828

WordPress Motors plugin for WordPress, versions <= 1.4.109, has an unauthenticated Broken Access Control vulnerability. Affects Motors plugin core files/components on affected installs; CVSS 3.1 base score 7.5 (High) with network access, low attack complexity, no privileges required, no user i...

CVSS 7.5, AI score 5.8
Exploits 0, References 1
NVD
added yesterday, 4 views

CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

CVSS 8.8, EPSS 0.00187
Exploits 0, References 2
NVD
added 2 days ago, 5 views

CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

CVSS 2.3, EPSS 0.00215
Exploits 0, References 1
CVE
added 2 days ago, 21 views

CVE-2026-12537

Summary (CVE-2026-12537): The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...

CVSS 10, AI score 6.3, EPSS 0.00314
Exploits 0, References 1
NVD
added 2 days ago, 6 views

CVE-2026-54639

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impacted users have: direct usage of convertTokenData(tokens, { output: 'object' }); indirect usage, via using Expand API; and/or indirect...

CVSS 8.8, EPSS 0.00132
Exploits 0, References 4
NVD
added 3 days ago, 10 views

CVE-2023-54365

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2...

CVSS 8.7, EPSS 0.00428
Exploits 0, References 2
CBLMariner
added 4 days ago, 4 views

CVE-2026-46080 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46080 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 5.8, EPSS 0.00123
Exploits 0
CBLMariner
added 4 days ago, 5 views

CVE-2026-46122 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46122 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.8, AI score 5.8, EPSS 0.00129
Exploits 0
CBLMariner
added 4 days ago, 4 views

CVE-2026-46128 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46128 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 5.8, EPSS 0.00128
Exploits 0
CBLMariner
added 4 days ago, 6 views

CVE-2026-46079 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46079 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 6.5, EPSS 0.00138
Exploits 0
CBLMariner
added 4 days ago, 6 views

CVE-2026-46131 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46131 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 5.8, EPSS 0.00127
Exploits 0
CBLMariner
added 4 days ago, 3 views

CVE-2026-46106 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46106 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 5.8, EPSS 0.00168
Exploits 0