353 matches found
LearnPress < 4.3.7 - Information Disclosure
LearnPress WordPress plugin 4.3.7 contains an information disclosure vulnerability caused by missing capability checks on a REST endpoint, letting unauthenticated visitors retrieve sensitive user role and capability data via crafted requests. id: CVE-2026-8383 info: name: LearnPress 4.3.7 -...
CVE-2026-22103 Command injection in NPC start web endpoint
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22102 Arbitrary file overwrite through certificate update functionality
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...
CVE-2026-56303 Capgo - Unauthenticated API Key Metadata Disclosure via SECURITY DEFINER RPC Function
Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...
CVE-2026-14721 UTT HiPER 1250GW Web Endpoint ConfigWirelessBase_5g stack-based overflow
A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried o...
EUVD-2026-41734
A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried o...
CVE-2026-14721
CVE-2026-14721 affects UTT HiPER 1250GW (up to 3.2.7-210907-180535). The vulnerability is in the Web Endpoint’s /goform/ConfigWirelessBase_5g function, where manipulating the ssid argument causes a stack-based buffer overflow. It can be exploited remotely, and the exploit has been disclosed publi...
CVE-2026-14622
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...
CVE-2026-20706
Summary: CVE-2026-20706 affects Gitea up to version 1.26.1, where the web archive download endpoint allowed bypassing token scope checks, enabling access to repository archives beyond a token’s scope. Affected software: Gitea (versions ≤ 1.26.1). Root cause (as described in the sources): The /arc...
CVE-2026-20706 Gitea repository archive downloads bypass token scope checks
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint...
CVE-2026-58454
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...
CVE-2026-56399
Open WebUI (pre-0.6.27) contains a server-side request forgery in the /api/v1/retrieval/process/web endpoint. The vulnerability allows authenticated users to bypass SSRF protections by manipulating URL parameters with location redirect headers, enabling access to internal services and potentially...
CVE-2026-56399
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentiall...
MAL-2026-6572 Malicious code in rebrandly-domains-digger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d1744d2a299b9ef0526f49b4b2297fcd6c72581c51a3359801db56318d8cfda The package declares a preinstall hook that runs node callback.js. On npm install, callback.js collects installer-side identifiers — os.hostname,...
EUVD-2026-38058
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call...
MAL-2026-6292 Malicious code in @outmarket/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cd90f0d706cda01a5740f120f6e8d22ae57d907a5000854439c201b3c53a8c0 package.json declares a postinstall lifecycle script that fires automatically on npm install. The inline node -e payload uses hex-encoded property...
CVE-2026-12814
CVE-2026-12814 affects Comfast CF-WR631AX V3 up to version 2.7.0.8. The vulnerability is located in the API Endpoint component, specifically the file path /cgi-bin/mbox-config?section=ping_config, where manipulation of the destination argument leads to an OS command injection. The issue can be ex...
CVE-2026-10850 Plane 1.3.1 - Stored XSS in intake issue description_html
Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the descriptionhtml field when creating an intake work item through the API v1 intake endpoint...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when dispatching HTTP requests to endpoint attributes via getattr. An attacker can invoke internal...