341 matches found
CVE-2026-57684
CVE-2026-57684 describes a Cross Site Scripting (XSS) vulnerability in WordPress TheFox theme (versions
CVE-2026-54847
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
EUVD-2026-39684
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
CVE-2026-54847
The CVE-2026-54847 entry concerns the WordPress plugin “Stylish Cost Calculator” (versions
Oracle Linux 9 : python3.9 (ELSA-2026-18693)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18693 advisory. - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 Tenable has...
EUVD-2026-37713
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...
CVE-2026-42651
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
CVE-2026-48714 i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys proto, constructor, and prototype added in 3.9.3, see GHSA-5fgg-jcpf-8jjw, but did not...
EUVD-2026-36819
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
PT-2026-49445
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
CVE-2026-48303 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)
Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2243)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or...
EUVD-2026-32959
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...
CVE-2026-3897
The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...
EUVD-2026-31986
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...
RHSA-2026:19571 Red Hat Security Advisory: python3.9 security update
Bulletin has no description...
RHSA-2026:19570 Red Hat Security Advisory: python3.9 security update
Bulletin has no description...
RHSA-2026:18693 Red Hat Security Advisory: python3.9 security update
Bulletin has no description...
Astra Linux – Vulnerability in libcommons-net-java
Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...