5180 matches found
WordPress bBlocks – Essential Gutenberg Blocks & Patterns Collection plugin <= 1.9.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin B Blocks versions = 1.9.8...
EUVD-2026-26678
Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...
PT-2026-36494
Name of the Vulnerable Software and Affected Versions Open CASCADE Technology OCCT version V8 0 0 rc5 Description Multiple issues exist in the IGES and STEP file parsers that can be triggered by crafted files. These include an out-of-bounds read reading data outside the intended boundary of a...
cross-proxy Digest auth state leak
Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...
EUVD-2026-26081
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
CVE-2026-3893
The CVE-2026-3893 affects the Carlson VASCO-B GNSS Receiver. The connected PT-Security entry indicates attackers can exploit the absence of authentication to gain unauthenticated remote access, escalate privileges, and move laterally within manufacturing networks, enabling modification of configu...
Carlson VASCO-B GNSS Receiver 访问控制错误漏洞
The Carlson VASCO-B GNSS Receiver is a high-precision satellite positioning receiving device developed by the American company Carlson. The Carlson VASCO-B GNSS Receiver has a access control vulnerability, which stems from the lack of an authentication mechanism. This vulnerability may allow...
Carlson Software VASCO-B GNSS Receiver
RISK EVALUATION Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...
SUSE CVE-2026-33599
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...
Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts
The deployment of large language models LLMs in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...
CVE-2026-34544
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...
CVE-2026-32489
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...
CVE-2026-32489
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...
CVE-2026-32489 WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...
CVE-2026-32489 WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...
CVE-2026-32489
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...
WordPress plugin B Blocks 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
PT-2026-28003
Name of the Vulnerable Software and Affected Versions bPlugins B Blocks versions prior to 2.0.30 Description An authorization issue exists in bPlugins B Blocks that allows exploitation of incorrectly configured access control security levels. Recommendations Update bPlugins B Blocks to version...