676 matches found
CVE-2026-14352 AR for WooCommerce <= 8.40 - Unauthenticated Path Traversal to Arbitrary File Read via 'file' Parameter
The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
CVE-2026-14327
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 8.40 via the 'file' parameter. Unauthenticated attackers can read arbitrary server files. Exploitation requires obtaining a valid nonce via ar_get_fresh_nonce and ar_process_user_ima...
EUVD-2026-40109
Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...
SUSE CVE-2026-48112
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
CVE-2026-48112
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
CVE-2026-8682
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-48112
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
ALPINE-CVE-2026-48112
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the ParseLibSymbols function when parsing a BSD-style .SYMDEF symbol table. An attacker can access sensitive information from uninitialized heap memory by providing a specially crafted Unix ar archive...
EUVD-2026-34857
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
CVE-2026-48112 GHSL-2026-122 7-Zip Ar SYMDEF OOB Read
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
CVE-2026-48112
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
CVE-2026-48112
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
CVE-2026-48112
7-Zip versions 9.18–26.00 are affected by a heap out-of-bounds read in the Ar SYMDEF parser and in the Unix ar archive parser. During parsing of a BSD-style __.SYMDEF symbol table, ParseLibSymbols reads a 32-bit namesSize with Get32 at a position that can equal the buffer size, causing a 4-byte r...
CVE-2026-48112 GHSL-2026-122 7-Zip Ar SYMDEF OOB Read
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
7-Zip 输入验证错误漏洞
7-Zip is an open-source compression software developed by 7-Zip. Version 9.18 to 26.00 of 7-Zip contained a vulnerability related to input validation errors. This vulnerability stemmed from the BSD SYMDEF parser in the Unix ar archive resolver, where a heap out-of-bound read was possible,...
EUVD-2026-34005
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
CVE-2026-8682
The CVE describes a vulnerability in the WordPress plugin “3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On” (versions up to 2.0.1) where an authorization check is bypassed. The issue allows authenticated users with subscriber-level access and above to modify all plugin settings b...
EUVD-2026-32738
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-44208
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...