320 matches found
CVE-2026-15496 SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...
CVE-2026-15496
SonicCloudOrg sonic-agent (up to version 2.7.2) contains a remote os command injection in GroovyScriptImpl.evalIsFailed within Groovy Script Handler. The vulnerable function is in sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java. Exploitation is public and report...
CVE-2026-9028
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...
CVE-2026-12154
The CVE concerns the WordPress plugin Reviews Widgets for Google, Yelp & TripAdvisor (fb-reviews-widget)
GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download
Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...
GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download
Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...
EUVD-2026-40103
Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...
WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability
Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...
CVE-2026-12814
A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...
CVE-2026-52703 WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability
Unauthenticated Path Traversal in FastDup = 2.7.2 versions...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.7 Container Release Update
An update is now available for Red Hat Ansible Automation Platform 2.7 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...
CVE-2026-8251
A vulnerability was found in Open5GS up to 2.7.7. This impacts the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made...
EUVD-2026-33702
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...
CVE-2026-45275
CVE-2026-45275 affects Nextcloud with the Approval app prior to version 2.7.2. A privilege-escalation flaw allows a user who lacks sharing permissions to trigger the system to share a file with approvers, resulting in an authorization bypass and potential unauthorized distribution of restricted f...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible Engine when using Ansible Vault to edit encrypted files. When a user executes “ansible-vault edit”, another user on the same computer can read the old and new secrets. This occurs because the secrets are created in a temporary file using mkstemp, and after the fil...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The...
CVE-2026-37281
CVE-2026-37281 affects hitarth-gg Zenshin before 2.7.0. An OS command injection exists in the /stream-to-vlc Express route, allowing remote execution via the url parameter. Impact is critical (CVSS 3.1: 9.8). Remediation: upgrade to version 2.7.0 or later. Exploitation status is not provided in t...
PT-2026-41946
Name of the Vulnerable Software and Affected Versions hitarth-gg Zenshin versions prior to 2.7.0 Description An OS command injection flaw exists in the '/stream-to-vlc' Express route. This allows remote attackers to execute arbitrary commands on the host operating system by manipulating the url...
CVE-2026-8746 Open5GS NRF nghttp2-server.c discover_handler use after free
A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discoverhandler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...
OESA-2026-2300 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen...,...