1874 matches found
Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
CVE-2026-54801
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...
CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-52969 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52969 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52962 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52962 affecting package kernel for versions less than 6.6.143.1-1. A patched version of the package is available...
CVE-2026-53035 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-53035 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
NPM: Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email
NPM: Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.11...
NPM: Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin
NPM: Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.11...
PYSEC-2026-1797 Cross-Frame Scripting vulnerability has been found on Plone CMS
A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...
CVE-2026-22555 Gitea organization forks can expose organization secrets without create permission
Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...
CVE-2026-57764
Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...
CVE-2026-12505 affecting package cifs-utils for versions less than 7.6-1
CVE-2026-12505 affecting package cifs-utils for versions less than 7.6-1. An upgraded version of the package is available that resolves this issue...
WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability
Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions = 6.0.9.1...
PYSEC-2026-511 Qiskit allows arbitrary code execution decoding QPY format versions < 13
Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...
PYSEC-2026-510 Qiskit allows arbitrary code execution decoding QPY format versions < 13
Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...
CVE-2026-57431
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
CVE-2026-56045 WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...