4957 matches found
CVE-2026-42329
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness that an attacker can misuse to redirect the user to a malicious website controlled by the attacker. Version 2.4.28 fixes the issue...
CVE-2026-45187
Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-25436
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...
EUVD-2026-34906
Open XDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the...
CVE-2026-44441
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...
CVE-2026-7399
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...
CVE-2025-1176 affecting package gdb for versions less than 13.2-9
CVE-2025-1176 affecting package gdb for versions less than 13.2-9. A patched version of the package is available...
WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by endy in WordPress Plugin WP User Manager versions <= 2.9.16...
PT-2026-46933
Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists but the...
DEBIAN-CVE-2026-11212
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11292
CVE-2026-11292: A CSP bypass vulnerability in Blink used by Google Chrome prior to 149.0.7827.53 allows remote attackers to bypass content security policy through a crafted HTML page. Affected component is Blink in Chrome/Chromium; exploitation is possible over the network with user interaction ...
WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Cornerstone versions < 7.8.8...
CodexBar security vulnerabilities
CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained security vulnerabilities. These vulnerabilities were caused by a session cookie leakage issue, which could allow network attackers to exploit the improper...
Apache ActiveMQ security vulnerabilities
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the MessageServlet in the web...
CVE-2026-27136 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-27136 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5
CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...
CVE-2026-27136 affecting package telegraf for versions less than 1.31.0-21
CVE-2026-27136 affecting package telegraf for versions less than 1.31.0-21. A patched version of the package is available...
CVE-2026-39830 affecting package gh for versions less than 2.62.0-16
CVE-2026-39830 affecting package gh for versions less than 2.62.0-16. A patched version of the package is available...
CVE-2026-39834 affecting package gh for versions less than 2.62.0-16
CVE-2026-39834 affecting package gh for versions less than 2.62.0-16. A patched version of the package is available...
CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...