10198 matches found
CVE-2026-13754
The affected product is the Tickera – Sell Tickets & Manage Events plugin for WordPress. Affected component: the plugin’s SQL handling exposed by the parameter s, enabling a generic SQL Injection in all versions up to and including 3.6.0.0 due to insufficient escaping of user input and inadequate...
CVE-2026-15022 Tutor LMS <= 4.0.0 - Authenticated (Subscriber+) SQL Injection via Stored Quiz Answer Array
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2026-13754 Tickera <= 3.6.0.0 - Authenticated (Staff+) SQL Injection via 's' Parameter
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter
The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...
CVE-2026-15099
The CVE-2026-15099 instance concerns the Delicious Recipes WordPress plugin (
SALTO ProAccess Space
ADVISORY SUMMARY Successful exploitation of this vulnerability allows an authenticated attacker to escalate privileges and access spaces outside their assigned partition, within the same Salto ProAccess Space installation or system. Exploitation requires valid authenticated operator credentials...
CVE-2026-14987
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twittermessage' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-62312
9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to childprocess.spawn, allowing...
CVE-2026-62312
CVE-2026-62312 affects 9Router, an AI router & token saver. Before v0.5.2, an authenticated remote attacker can achieve arbitrary code execution on the host by abusing a Host header bypass of localhost-only routes in combination with unvalidated MCP plugin arguments passed to child_process.spawn(...
CVE-2026-49867
DataEase (open source data visualization tool) contains an authenticated stored XSS in template static resources prior to version 2.10.23. The flaw occurs when authenticated users submit TemplateManageRequest.staticResource via POST /de2api/templateManage/save or via DataVisualizationServer.decom...
CVE-2026-49867 DataEase: Authenticated Stored XSS in DataEase Template Static Resources
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...
CVE-2026-45320
DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...
CVE-2026-20146 Cisco Identity Services Engine Path Traversal Vulnerability
A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...
CVE-2026-45806
Penpot before 2.15.0 vulnerable to authenticated SSRF in remote image import. The flow passes a user-controlled URL from frontend to the backend RPC method create-file-media-object-from-url, where media/download-image uses a shared HTTP client without destination filtering, allowing an authentica...
CVE-2026-55723 NGINX Ingress Controller vulnerability
When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...
CVE-2026-55723
CVE-2026-55723 betreft een injection kwetsbaarheid in de configuratie generator van de NGINX Ingress Controller. Bij configuratie via CRDs of Ingress-annotaties worden meerdere door de gebruiker beheerde velden in de gegenereerde NGINX-configuratie geschreven zonder sanering. Een geautoriseerde b...
CVE-2026-15804 MetaGuru|HCM - SQL Injection
The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...
PT-2026-60323
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.35 Description The cloneBoard Meteor method in models/import.js fails to invoke the canExport function or verify membership of the source board when using the sourceBoardId variable. This allows an authenticated user...
CVE-2026-61520
The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...
CVE-2026-62659
CVE-2026-62659 affects the NETGEAR WAX333 Access Point. The issue enables someone who is already logged in and on the same local network to make unauthorized changes to the device’s settings. The CVSS details show an adjacent attack vector, low attack complexity, high privileges required, and no ...