104 matches found
EUVD-2026-37821
Steeltoe: OAEP setting silently selects PKCS1 v1.5 padding...
CVE-2026-42382
Unauthenticated Local File Inclusion in Audrey = 1.5 versions...
CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Audrey = 1.5 versions...
CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2026-37676
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
CVE-2025-69170
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
EUVD-2026-37690
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
EUVD-2025-210266
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
PT-2026-50101
Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...
PT-2026-49547
Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software employs weak SSH cryptographic algorithms, which are encryption methods used to secure communication over the Secure Shell SSH protocol that are no longer consider...
CVE-2026-46543 nimiq-blockchain: Genesis batch set request
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...
node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification
A flaw was found in Forge also called node-forge, a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do n...
MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...
Fedora 43 : apptainer (2026-6c547e9f64)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6c547e9f64 advisory. Update to upstream 1.5.0, fix CVE-2026-32285 and CVE-2026-34986 ---- Update to upstream 1.5.0-rc.2 ---- Update to upstream 1.5.0-rc.1 Tenable has...
CVE-2026-45214
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...
Atlona ATOMERX21 - Authenticated Command Injection
// Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link: https://atlona.com/product/at-ome-rx21/ // Version: Firmware -u -p -l -P -c package main import "bytes"...
PT-2026-35222
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...
CVE-2026-40906
Electric’s CVE-2026-40906 describes an error-based SQL injection in the order_by parameter of the ElectricSQL /v1/shape API in Electric (Postgres sync engine). Affected versions range from 1.1.12 up to before 1.5.0; an authenticated user could craft ORDER BY expressions to read, write, and destro...
CVE-2026-2450
.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...
CVE-2026-3530
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...