124167 matches found
CVE-2026-60109
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer
Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...
CVE-2026-60095
Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...
CVE-2026-60095
Vinchin Backup & Recovery 9.0.0.86562 is affected by a stack buffer overflow in the agentlink_server’s ModuleHandShake function. The flaw arises from copying an oversized _listen_uuid (measured via strlen) into a fixed-length stack buffer using strcpy(), allowing unauthenticated remote attackers ...
CVE-2026-60095 Vinchin Backup & Recovery 9.0.0.86562 Stack Buffer Overflow via ModuleHandShake
Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...
CVE-2026-60094
Vulnerability overview (CVE-2026-60094): Vinchin Backup & Recovery up to 9.0.0.86562 is affected by a heap buffer overflow in the agentlink_server. According to the records, an unauthenticated remote attacker can send a malformed TCP packet with an unchecked body_len field, passing an attacker-co...
CVE-2026-9253 WP Cost Estimation & Payment Forms Builder (E&P Forms) <= 10.5.97 - Unauthenticated Stored Cross-Site Scripting via 'customerInfos' Parameter
The WP Cost Estimation & Payment Forms Builder E&P Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-9028
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...
CVE-2026-9021
The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...
CVE-2026-56291
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
EUVD-2026-42573
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56291
Balbooa Forms (Joomla extension) is affected by CVE-2026-56291 due to an unauthenticated arbitrary file upload that can lead to full RCE. Affected product/version: Balbooa Forms extension for Joomla, versions
CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
EUVD-2026-42567
The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...
CVE-2026-9021
The CVE concerns the WordPress plugin Easy Invoice (WordPress plugin) with vulnerability in versions up to 2.1.19. The root cause is Missing Authorization via AJAX actions easy_invoice_accept_quote and easy_invoice_decline_quote , registered with wp_ajax_nopriv_ hooks and relying on a quote-scope...
CVE-2026-9021 Easy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX Actions
The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...
CVE-2026-9028 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Missing Authorization to Unauthenticated Arbitrary Order Cancellation via 'order_number' Parameter
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...
CVE-2026-9028
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...
CVE-2026-9027
Summary of the CVE-2026-9027 issue : The CorvusPay WooCommerce Gateway for WordPress (versions up to 2.7.4) is vulnerable to a payment bypass via improper verification of the cryptographic signature. The REST endpoint POST /wp-json/corvuspay/success/ is registered with a permissive permission cal...
CVE-2026-9028
Technical details are not publicly available in the provided documents. Monitor for updates.