406 matches found
EUVD-2026-40103
Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...
EUVD-2026-39703
Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...
CVE-2026-10852
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...
EUVD-2026-38346
IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...
CVE-2026-10852
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...
PT-2026-51346
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified IBM i versions 7.3 through 7.6 Description The WebSphere Web Server Plug-in component is susceptible to...
PT-2026-49606
Name of the Vulnerable Software and Affected Versions squid-cache Squid affected versions not specified Description A heap-based buffer overflow occurs during the processing of cache digests. A heap-based buffer overflow is a memory corruption issue where a program writes more data to a buffer...
CVE-2026-7870
CVE-2026-7870 affects IBM i 7.3–7.6 (5770-SS1). Root cause: an unqualified library call (CWE-427) could let a user’s code run with administrator privileges, enabling privilege escalation. Impact: allows elevated rights, with CVSSv3.1 base score 8.8 (HIGH) — attack vector: network, complexity: low...
PT-2026-48675
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...
Open5GS 授权问题漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.6 and earlier contained vulnerabilities related to authorization. These vulnerabilities were caused by an unknown function in the file...
CVE-2026-6427
The WordPress plugin a3 Lazy Load (versions ≤ 2.7.6) is vulnerable to Stored XSS via crafted markup. A regex bug in _filter_videos() misquotes HTML attributes and, with unescaped output in admin/views/form-data.php, allows an authenticated Contributor to inject a script that executes in any view...
PT-2026-43980
Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 Description A denial-of-service issue exists in the Integrated Language Environment ILE compiler due to uncontrolled recursion. An authenticated attacker can trigger this by compiling specially crafted source cod...
CVE-2026-24546
Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...
EUVD-2025-209802
A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets...
Fortinet FortiOS 缓冲区错误漏洞
Fortinet FortiOS is a security operating system developed by Fortinet Corporation, specifically for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering, and...
CVE-2026-2311
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
EUVD-2026-26727
A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument regtype leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able...
CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
EUVD-2026-26440
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2026-2311
CVE-2026-2311 affects IBM i releases 7.6, 7.5, 7.4, 7.3, and 7.2. The root cause is an invalid authorization check in the IBM i Web Administration GUI, enabling privilege escalation where a malicious actor could cause user‑controlled code to execute with administrator privileges. Impact is high (...