945 matches found
CVE-2026-57833 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2
The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...
Microsoft PC Manager < 3.22.1.0 Elevation of Privilege (CVE-2026-50438) (July 2026)
The Windows 'Microsoft PC Manager' app installed on the remote host is prior to 3.22.1.0. It is, therefore, affected by an elevation of privilege vulnerability: - A local privilege escalation vulnerability allows an authenticated attacker to escalate privileges beyond the vulnerable component's...
CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload
Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...
CVE-2026-57828 Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...
CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1
A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...
CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-53037 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-53037 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
EUVD-2026-41530
A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...
Mozilla Thunderbird < 152.0.1
The version of Thunderbird installed on the remote Windows host is prior to 152.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-63 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing...
CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
CVE-2026-56045
The CVE-2026-56045 entry applies to the WordPress Automatic plugin versions earlier than 3.135.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. Affected software: WordPress Automatic plugin (
CVE-2025-68064
CVE-2025-68064 concerns a Local File Inclusion vulnerability in the WordPress Goya Core plugin, versions earlier than 1.0.9.4. The issue arises from a faulty file path handling in the plugin, enabling an attacker to access sensitive files. The CVSS 3.1 vector indicates remote access with high imp...
CVE-2026-9709 Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure
The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...
CVE-2026-8705 ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
CVE-2026-39821 affecting package golang for versions less than 1.25.11-2
CVE-2026-39821 affecting package golang for versions less than 1.25.11-2. A patched version of the package is available...
CVE-2026-46286 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46286 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46108 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46108 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45839 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45839 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...