1868961 matches found
XWiki DeleteApplication - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack...
Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS
Adminer = 5.4.1 contains a denial of service caused by lack of origin validation in version check endpoint, letting attackers trigger server errors via crafted POST requests, exploit requires no special privileges. id: CVE-2026-25892 info: name: Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent Do...
Arcserve UDP <= 9.0.6034 - Authentication Bypass
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...
vLLM 0.8.3 - 0.14.0 - Information Disclosure
vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....
Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...
Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass
Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...
Vite - Path Traversal
Vite versions prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13 contain a file exposure vulnerability caused by improper handling of request URLs with '' in the dev server running on Node or Bun, letting attackers access arbitrary files, exploit requires the server to be exposed to the network an...
Windmill/Nextcloud Flow < 1.603.3 - Unauthenticated Path Traversal
Windmill 1.603.3 contains a path traversal caused by unsanitized filename parameter in getlogfile endpoint, letting unauthenticated attackers read arbitrary files on the server, exploit requires no authentication. id: CVE-2026-29059 info: name: Windmill/Nextcloud Flow 1.603.3 - Unauthenticated Pa...
SureForms <= 1.13.1 - Sensitive Information Exposure
SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...
W3 Total Cache < 2.8.2 - Log File Exposure
The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...
Xerte Online Toolkits <= 3.15 - Remote Code Execution
Xerte Online Toolkits versions 3.15 and earlier expose the elFinder file manager connector at /editor/elfinder/php/connector.php without authentication CVE-2026-34413, because the access-control redirect for unauthenticated users does not call exit/die and execution continues server-side. This is...
Open WebUI 'LDAP Empty Password' - Authentication Bypass
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...
PrestaShop lgcookieslaw - SQL Injection
The EU Cookie Law GDPR Banner + Blocker PrestaShop module before 2.1.3 allows blind SQL injection via the lglaw or lgcookieslaw cookie used to store user consent choices. id: CVE-2022-44727 info: name: PrestaShop lgcookieslaw - SQL Injection author: mastercho severity: critical description: | The...
Scramble Laravel - Remote Code Execution
Scramble for Laravel = 0.13.2 and = 0.13.2 and 0.13.22 contains a remote code execution caused by evaluation of user-controlled input in validation rules during documentation generation, letting remote attackers execute arbitrary PHP code, exploit requires publicly accessible documentation...
Bitrix Site Management 2.x - Open Redirect
Bitrix Site Management 2.x contains an open redirect vulnerability allowing attackers to redirect users to arbitrary external sites via crafted redirect parameters. id: CVE-2008-2052 info: name: Bitrix Site Management 2.x - Open Redirect author: pikpikcu,gtrrnr,liangtovi-debug severity: medium...
Qwik - Unauthenticated RCE via server$ Deserialization
Qwik =1.19.0 contains an insecure deserialization vulnerability in the server$ RPC mechanism, letting unauthenticated attackers execute arbitrary code remotely, exploit requires require availability at runtime. id: CVE-2026-27971 info: name: Qwik - Unauthenticated RCE via server$ Deserialization...
URL Shortify <= 1.12.1 - Open Redirect
The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...
LatePoint <= 5.0.12 - Authentication Bypass
LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...
WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure
Jordy Meow Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions. id: CVE-2023-44982 info: name:...
JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...