2988 matches found
WordPress Simple Job Board - Unauthorized Data Access
The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...
Quick Event Manager < 9.7.5 - Cross-Site Scripting
The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...
EUVD-2026-36117
Sharp Missing Authorization Check in Quick Creation Command Endpoints...
GHSA-GVRM-XH5G-W8V6 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-azure, linux-qemu, linux-qemu-melange, linux-gcp, linux-aws...
GHSA-CM56-MVX6-66QM vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-azure, linux-qemu, linux-qemu-melange, linux-gcp, linux-aws...
GHSA-QHPR-79XW-32M8 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-azure, linux-qemu, linux-qemu-melange, linux-gcp, linux-aws...
[SECURITY] Fedora 43 Update: rust-quick-xml-0.41.0-1.fc43
High performance xml reader and writer...
[SECURITY] Fedora 44 Update: rust-quick-xml-0.41.0-1.fc44
High performance xml reader and writer...
curl: libcurl: curl/libcurl: Remote denial of service via QUIC UDP receive function vulnerability
A flaw was found in curl and libcurl. A malicious HTTP/3 server can exploit an issue in the QUIC UDP receive function by continuously streaming empty UDP datagrams. This can lead to a remote denial of service DoS against a curl or libcurl client, as the helper function discards zero-length UDP...
CVE-2026-56039
Unauthenticated Cross Site Scripting XSS in Quick Interest Slider = 3.1.6 versions...
EUVD-2026-39701
Unauthenticated Cross Site Scripting XSS in Quick Interest Slider = 3.1.6 versions...
CVE-2026-56039 WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Quick Interest Slider = 3.1.6 versions...
CVE-2026-56039
The provided connected sources confirm a vulnerability in the WordPress Quick Interest Slider plugin, version
EUVD-2026-39378
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fixed a NULL dereference when deactivating an inactive aggregate in qfqreset. qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. Th...
WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Quick Interest Slider versions = 3.1.6...
EUVD-2026-38043
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...
CVE-2026-11860
CVE-2026-11860 affects Quick.CMS. The issue is insecure deserialization of user-controlled data over plaintext HTTP, allowing an attacker to tamper serialized payloads and trigger gadget chains that enable arbitrary code execution when an administrator accesses the admin panel. The root cause is ...
EUVD-2026-36703
Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...
CVE-2026-11860 Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS
Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...