2851566 matches found
EUVD-2026-42551
Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2026-47828
creationtimestamp| type| source ---|---|--- 2026-07-09 08:36:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7a4pl3ul2k...
CVE-2026-47830
creationtimestamp| type| source ---|---|--- 2026-07-09 08:31:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq77tqjgfr27...
CVE-2026-47829
creationtimestamp| type| source ---|---|--- 2026-07-09 08:26:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq77krzyza2e...
EUVD-2026-42548
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEticaret: before v3.3.57...
EUVD-2026-42547
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-5793 XSS in Inrove Software's BiEticaret
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57...
CVE-2026-5793
BiEticaret (Inrove Software and Internet Services) contains a reflected XSS due to improper input neutralization during web page generation. Affected: BiEticaret prior to v3.3.57. CVSSv3.1 metrics indicate Network attack vector, Low attack complexity, Privileges None, User Interaction Required, C...
CVE-2026-59269
A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...
CVE-2026-8848
The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...
CVE-2026-5523
creationtimestamp| type| source ---|---|--- 2026-07-09 08:07:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq76hzxyyb26 2026-07-09 11:49:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mq7kvszdyh27...
gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb
A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...
EUVD-2026-42541
The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...
CVE-2026-11359
The CVE-2026-11359 entry relates to the Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress. Affected versions up to 3.4 are vulnerable due to missing capability checks and nonce validation in the pg_install_profilegrid() AJAX handler (wp_ajax_...
CVE-2026-13450
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...
EUVD-2026-42538
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-47840
creationtimestamp| type| source ---|---|--- 2026-07-09 07:54:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq75qsv2b42w 2026-07-09 08:41:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7afnzxnt27...
CVE-2026-33390
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
CVE-2026-33390
Summary: CVE-2026-33390 affects Arc sensors’ synchronization in Guardian/CMC prior to version 26.2.0. The root cause is an incorrect privilege assignment where Arc sensors receive CLI permissions during sync, allowing an authenticated user with limited privileges to issue administrative CLI comma...
EUVD-2026-42529
Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...