1184 matches found
CVE-2026-5137
The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...
Shield Security WP Plugin <= 18.5.9 - Local File Inclusion
The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP fil...
CVE-2026-14093
Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13937
CVE-2026-13937 concerns Google Chrome where insufficient policy enforcement in passwords handling within the Chromium-based renderer allowed a remote attacker who had already compromised the renderer to leak cross-origin data via a crafted HTML page. The vulnerability is described in multiple sou...
CVE-2026-46417
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...
CVE-2026-54067
SiYuan (prior to v3.7.0) is affected by a stored XSS in renderSnippet() where a CSS snippet containing breaks out of the surrounding tag during insertion, enabling injected JavaScript in the renderer. In Electron builds with nodeIntegration: true, this can reach Node APIs (e.g., child_process) a...
CVE-2026-54067 SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...
CVE-2026-53946
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...
Astra Linux – Vulnerability in htmldoc
A flaw was discovered in htmldoc version 1.9.12. A heap buffer overflow in the rendertablerow function, located in ps-pdf.cxx, may lead to arbitrary code execution and denial of service...
Astra Linux – Vulnerability in WebKit2GTK
A use-after-free vulnerability exists in WebCore::RenderLayer::renderer in WebKitGTK before version 2.36.8, allowing attackers to execute code remotely...
Astra Linux – Vulnerability in xorg-server
A use-after-free vulnerability was discovered in the ProcRenderAddGlyphs function of Xorg servers. This issue arises when the AllocateGlyph function is called to store new glyphs sent by the client to the X server. As a result, multiple entries may point to the same non-refcounted glyphs...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux 5.15
A NULL pointer dereference vulnerability was discovered in the vmwgfx driver, located in the file vmwgfxexecbuf.c within the GPU component of the Linux kernel. The vulnerability affects device files such as '/dev/dri/renderD128' or 'Dxxx'. This flaw allows a local attacker with a user account on...
Astra Linux – Vulnerability in libsdl2
A potential memory leak issue was discovered in the SDL2 library, specifically in the GLESCreateTexture function within the SDLrendergles.c file. This vulnerability allows an attacker to carry out a denial-of-service attack. The vulnerability affects SDL2 version 2.0.4 and later versions. SDL-1.x...
Astra Linux – Vulnerability in Firefox and Thunderbird
Using tables within an iframe, an attacker could cause the iframe contents to be rendered outside the boundaries of the iframe, leading to potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in DjVuLibre
A flaw was discovered in djvulibre-3.5.28 and earlier. An integer overflow in the render function in tools/ddjvu, through a crafted djvu file, may cause the application to crash and lead to other issues...
CVE-2026-12157
The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient...
CVE-2026-44645
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The renderLimit option is documented in docs/source/tutorials/dos.md as the...
CVE-2026-44646
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new...
CVE-2026-45357
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...
CVE-2026-45357
CVE-2026-45357 — LiquidJS date filter (strftime) DoS via unbounded width padding . In LiquidJS