1843 matches found
CVE-2026-1233
The Text to Speech for WP AI Voices by Mementor plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the...
CVE-2026-1233
CVE-2026-1233 affects the WordPress plugin Text to Speech for WP (AI Voices by Mementor). All versions up to 1.9.8 contain hardcoded MySQL credentials for the vendor’s external telemetry server in the Mementor_TTS_Remote_Telemetry class, enabling unauthenticated actors to extract and decode these...
CVE-2026-1233 Text to Speech (TTS) by Mementor <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access
The Text to Speech for WP AI Voices by Mementor plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the...
CVE-2026-1233 Text to Speech (TTS) by Mementor <= 1.9.8 - Use of Hardcoded Password to Unauthenticated Remote Database Access
The Text to Speech for WP AI Voices by Mementor plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the...
Exploit for Deserialization of Untrusted Data in Linuxfoundation Opentelemetry_Instrumentation_For_Java
CVE-2026-33701 — Unsafe Deserialization in OpenTelemetry Java...
PT-2026-30344
Name of the Vulnerable Software and Affected Versions Text to Speech for WP AI Voices by Mementor versions up to and including 1.9.8 Description The Text to Speech for WP AI Voices by Mementor plugin for WordPress contains hardcoded MySQL database credentials for the vendor's external telemetry...
MGASA-2026-0081 Updated thunderbird packages fix security vulnerabilities
Denial-of-service in the XML component. CVE-2025-59375 Spoofing issue in Thunderbird. CVE-2026-3889 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in...
MGASA-2026-0080 Updated nss & firefox packages fix security vulnerabilities
Denial-of-service in the XML component. CVE-2025-59375 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-46...
GHSA-PRXJ-3GCV-CQRH Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials
Summary A vulnerability in vehicle authentication allows threat actor with valid client credentials i.e., a private key and certificate from a rooted infotainment system to impersonate arbitrary VINs when authenticating to the telemetry server. Impact The attacker would be able to submit falsifie...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the vehicle authentication. An attacker can impersonate arbitrary vehicle identification numbers VINs by submitting falsified telemetry records using compromised client credentials. Remediation Upgrade...
Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials
Summary A vulnerability in vehicle authentication allows threat actor with valid client credentials i.e., a private key and certificate from a rooted infotainment system to impersonate arbitrary VINs when authenticating to the telemetry server. Impact The attacker would be able to submit falsifie...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the vehicle authentication. An attacker can impersonate arbitrary vehicle identification numbers VINs by submitting falsified telemetry records using compromised client credentials. Remediation Upgrade...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component...
Astra Linux – Vulnerability in Firefox
Sandbox escape due to incorrect boundary conditions in the Telemetry component of the External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
MAL-2026-2315 Malicious code in latinum-wallet-mcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 afbe7d2a026f5fb11d3046e061ded50c350b420b146cd446fc0e009cb7190543 Starting version 0.0.32, the code automatically exfiltrates the private key together with other metrics during the buildmcpwalletserver call for the Solana...
Malicious code in latinum-wallet-mcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 afbe7d2a026f5fb11d3046e061ded50c350b420b146cd446fc0e009cb7190543 Starting version 0.0.32, the code automatically exfiltrates the private key together with other metrics during the buildmcpwalletserver call for the Solana...
CVE-2026-32696
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component...
Deserialization Of Untrusted Data
io.opentelemetry.javaagent:opentelemetry-javaagent is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to lack of serialization filtering in the RMI instrumentation endpoint, which allows an attacker with network access to send malicious serialized data and execute...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4686:...