3870 matches found
PT-2026-52762
Name of the Vulnerable Software and Affected Versions Payment Gateway Based Fees and Discounts for WooCommerce versions prior to 3.0.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an...
Oracle Linux 9 : .NET / 10.0 (ELSA-2026-21297)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-21297 advisory. 10.0.109-1.0.1 - Add support for Oracle Linux 10.0.109-1 - Update to .NET SDK 10.0.109 and Runtime 10.0.9 - Resolves: RHEL-181558 10.0.108-1 - Update to .NET S...
CVE-2026-56091 Apache Shiro: Authentication bypass in Guice-Web integration
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...
CVE-2025-60474
GPAC MP4Box up to version 26.01.x has a buffer overflow in the gf_media_import() function (in /media_tools/av_parsers.c). The underlining issue allows DoS via crafted input, affecting MP4Box before 26.02.0. Public sources consistently cite GPAC MP4Box versions prior to 26.02.0 as vulnerable, with...
Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)
CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...
Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)
CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...
CVE-2026-9320
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
CVE-2025-33128
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
PT-2026-51207
Name of the Vulnerable Software and Affected Versions ILIAS Learning Management System version 11.0 Description An issue exists in the Learning Progress Tracking component within the ilTrQuery::executeQueries function of the components/ILIAS/Tracking/classes/class.ilTrQuery.php file. Remote...
CVE-2026-48774
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...
CVE-2026-48774
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...
Astra Linux – Vulnerability in Tomcat9
The “Allocation of Resources Without Limits or Throttling” vulnerability in Apache Tomcat exists. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, and from 9.0.13 through 9.0.89. The following versions were already end-of-life at the tim...
Astra Linux – Vulnerability in rabbitMQ-server
Versions of RabbitMQ prior to 3.8.16 are vulnerable to a denial-of-service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit this vulnerability by sending malicious AMQP messages to the target RabbitMQ instance where the AMQP 1...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: EFI: Runtime: Avoid EFIv2 runtime services on Apple x86 machines Aditya reports that his recent MacBookPro crashes during firmware updates when variable services are used at runtime. The culprit seems to be a call to...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcantxhandler: fixed the issue where skb was freed after it had been used. The canPUTechoskb function clones a skb and then frees it. This function should be moved directly before the start of the xmit in hardware for...
Astra Linux – Vulnerability in WebKit2GTK
A port redirection issue has been resolved with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, and iPadOS 14.4, as well as Safari 14.0.3. A malicious website may be able t...
CVE-2026-11395
The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...
EUVD-2026-37647
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
EUVD-2026-37653
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
CVE-2026-30803
RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...