2222 matches found
CVE-2026-55392
NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...
RHSA-2026:26655 Red Hat Security Advisory: ruby:3.3 security update
Bulletin has no description...
CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter
The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-48997
e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...
EUVD-2025-210234
Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...
CVE-2026-30803
CVE-2026-30803 describes an Integer Underflow in RTI Connext Micro (Core Libraries) that allows an overread of buffers. Affected is Connext Micro versions from 4.0.0 up to, but not including, 4.3.0. The description provided does not specify a disclosed exploit, mitigation, or a confirmed fix vers...
Important: Red Hat Security Advisory: ruby:3.3 security update
An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2025-69128
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...
EUVD-2025-210247
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...
WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by she11f in WordPress Plugin Visual Link Preview versions = 2.3.1...
CVE-2026-22340
CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme
CVE-2025-69125 WordPress Food Drop theme <= 1.3 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...
BIT-MARIADB-MIN-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...
EUVD-2026-36988
Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...
EUVD-2026-36955
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
EUVD-2026-36926
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
CVE-2026-48889
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-34901
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...
CVE-2025-68851
Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...
EUVD-2026-36887
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...