18850 matches found
CVE-2026-9711
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...
EUVD-2026-40273
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...
EUVD-2026-40128
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely...
EUVD-2026-40073
A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit...
EUVD-2026-40044
A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...
CVE-2026-13544
The CVE refers to Feehi CMS (up to version 2.1.1) with an issue in the API component, specifically the /api/users endpoint. The flaw allows manipulation that leads to improper access controls, enabling remote initiation of an attack. Public exploit appears to be available, and the vendor/maintain...
CVE-2026-13517
A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publishe...
EUVD-2026-40014
A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publishe...
CVE-2026-13502
The CVE-2026-13502 entry concerns antlr ANTLR4 up to 4.13.2. It affects the function ObjectInputStream.readObject in the antlr4-maven-plugin’s GrammarDependencies.java, indicating a time-of-check time-of-use issue. The attack is restricted to local execution and requires a high degree of complexi...
EUVD-2026-40000
A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...
CVE-2026-13493
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...
CVE-2026-13493 AIDC-AI ComfyUI-Copilot Workflow Checkpoint Restore conversation_api.py resource injection
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...
EUVD-2026-39983
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...
CVE-2026-54350
Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...
CVE-2026-54350
Budibase CVE-2026-54350 describes an unauthenticated NoSQL injection against published Budibase apps. EnrichContext substitutes query parameters into the JSON body and JSON.parse can lift attacker-controlled fields into the parsed filter, allowing an attacker with a PUBLIC query to read (and for ...
CVE-2026-54350 Budibase: Anonymous NoSQL operator injection via published-app query templates
Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the HTTP Agent. An attacker can cause a client to accept a response as valid before the client has sent its request by exploiting the timing of HTTP responses. Remediation A fix was...
CVE-2026-12805
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the copyString function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers the...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper validation in the XMLParseBuffer function. An attacker can cause unexpected behavior, including potential data corruption or application crashes, by providing specially crafted input that...