Lucene search
K

676 matches found

Cvelist
Cvelist
added 2026/07/03 4:30 a.m.35 views

CVE-2026-14352 AR for WooCommerce <= 8.40 - Unauthenticated Path Traversal to Arbitrary File Read via 'file' Parameter

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00473EPSS
Exploits0References7
CVE
CVE
added 2026/07/03 1:28 a.m.22 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 8.40 via the 'file' parameter. Unauthenticated attackers can read arbitrary server files. Exploitation requires obtaining a valid nonce via ar_get_fresh_nonce and ar_process_user_ima...

7.5CVSS5.9AI score0.00459EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 1:36 p.m.9 views

EUVD-2026-40109

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.13 views

SUSE CVE-2026-48112

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

3.3CVSS5.6AI score0.00267EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/08 1:35 p.m.11 views

CVE-2026-48112

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS5.7AI score0.00267EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.16 views

CVE-2026-8682

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.6AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 5:16 p.m.21 views

CVE-2026-48112

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS0.00267EPSS
Exploits1References1
OSV
OSV
added 2026/06/05 5:16 p.m.5 views

ALPINE-CVE-2026-48112

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS5.5AI score0.00267EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/05 5:12 p.m.7 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the ParseLibSymbols function when parsing a BSD-style .SYMDEF symbol table. An attacker can access sensitive information from uninitialized heap memory by providing a specially crafted Unix ar archive...

7.1CVSS5.4AI score0.00267EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/05 4:20 p.m.12 views

EUVD-2026-34857

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS5.7AI score0.00267EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/05 4:20 p.m.14 views

CVE-2026-48112 GHSL-2026-122 7-Zip Ar SYMDEF OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS5.7AI score0.00267EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 4:20 p.m.17 views

CVE-2026-48112

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS5.7AI score0.00267EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/05 4:20 p.m.9 views

CVE-2026-48112

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS5.6AI score0.00267EPSS
Exploits1References1
CVE
CVE
added 2026/06/05 4:20 p.m.52 views

CVE-2026-48112

7-Zip versions 9.18–26.00 are affected by a heap out-of-bounds read in the Ar SYMDEF parser and in the Unix ar archive parser. During parsing of a BSD-style __.SYMDEF symbol table, ParseLibSymbols reads a 32-bit namesSize with Get32 at a position that can equal the buffer size, causing a 4-byte r...

6.5CVSS5.7AI score0.00267EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/05 4:20 p.m.53 views

CVE-2026-48112 GHSL-2026-122 7-Zip Ar SYMDEF OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS0.00267EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

7-Zip 输入验证错误漏洞

7-Zip is an open-source compression software developed by 7-Zip. Version 9.18 to 26.00 of 7-Zip contained a vulnerability related to input validation errors. This vulnerability stemmed from the BSD SYMDEF parser in the Unix ar archive resolver, where a heap out-of-bound read was possible,...

6.5CVSS5.3AI score0.00267EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/02 6:30 p.m.15 views

EUVD-2026-34005

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References2
CVE
CVE
added 2026/05/28 6:45 a.m.28 views

CVE-2026-8682

The CVE describes a vulnerability in the WordPress plugin “3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On” (versions up to 2.0.1) where an authorization check is bypassed. The issue allows authenticated users with subscriber-level access and above to modify all plugin settings b...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 6:45 a.m.15 views

EUVD-2026-32738

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44208

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References9
Rows per page
Query Builder