760 matches found
CVE-2026-32294
JetKVM before 0.5.4 fails to verify downloaded firmware authenticity, enabling an attacker-in-the-middle or compromised update server to modify firmware and its SHA256 hash to pass verification. Impact is limited to local impact with high integrity risk, per CVSS 3.1/4.0 metrics: local access, hi...
EUVD-2026-11164
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30900
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access...
Zoom Clients for Windows 安全漏洞
Zoom Clients for Windows is a video conferencing software developed by the American company Zoom. There is a security vulnerability in Zoom Clients for Windows, which stems from improper version checking in the update function. This vulnerability could allow authenticated users to gain elevated...
CVE-2026-28452
OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...
EUVD-2026-9901
OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...
CVE-2026-27898
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipherid and call "PUT /api/ciphers/id/partial" Even though the standard retrieval API correctly denies access...
CVE-2026-1442
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...
CVE-2026-2933
YiFang CMS
PT-2026-21422
A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the...
WordPress OneClick Chat to Order plugin <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability
Missing Authorization to Authenticated Editor+ Plugin Settings Update vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin OneClick Chat to Order versions = 1.0.9...
WordPress Remove Post Type Slug plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Post Type Slug versions = 1.0.2...
WordPress Keybase.io Verification plugin <= 1.4.5 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Keybase.io Verification versions = 1.4.5...
CVE-2026-1750
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'savecustomuserprofilefields' function. This makes it possible for authenticated attackers, with...
CVE-2025-15157 Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...
CVE-2026-25961
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2026-2196 code-projects Online Reviewer System exam-update.php sql injection
A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument testid results in sql injection. The attack may be performed from remote. The...
WordPress Getwid plugin <= 2.0.10 - Missing Authorization to Google API key update vulnerability
Missing Authorization to Google API key update vulnerability discovered by Peter Thaleikis in WordPress Plugin Getwid versions = 2.0.10...
WordPress EventON < 2.2.8 - Unauthenticated Arbitrary Post Metadata Update vulnerability
Unauthenticated Arbitrary Post Metadata Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...
CVE-2026-1380
CVE-2026-1380 affects the Bitcoin Donate Button WordPress plugin (