6066 matches found
CVE-2026-20298 Sensitive Information Disclosure through the storage/passwords REST Endpoint in Splunk Enterprise
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...
CVE-2026-57833
The CVE affects the Joomla extension 4Analytics for weeblr.com, with an unauthenticated stored XSS vulnerability in the AI analysis feature present in versions prior to 5.0.2. The underlying issue is a stored XSS in the AI analysis workflow, leading to high impact on confidentiality, integrity, a...
JSONPath Plus < 10.3.0 - Remote Code Execution
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
CVE-2025-11698
The CVE-2025-11698 vulnerability affects 5380/5480/5580 controllers with boot firmware versions below 1.072. It enables a denial-of-service by allowing a malicious actor to write invalid file data to the controller, potentially causing a major non-recoverable fault (MNRF). The documents do not pr...
Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
Microsoft PC Manager < 3.22.1.0 Elevation of Privilege (CVE-2026-50438) (July 2026)
The Windows 'Microsoft PC Manager' app installed on the remote host is prior to 3.22.1.0. It is, therefore, affected by an elevation of privilege vulnerability: - A local privilege escalation vulnerability allows an authenticated attacker to escalate privileges beyond the vulnerable component's...
CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload
Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...
CVE-2026-57827
The CVE-2026-57827 entry concerns the Joomla extension RSFiles (RSFiles component) from rsjoomla.com, affected versions prior to 1.17.12. The vulnerability is an unauthenticated arbitrary file upload that can upload executable files, enabling full remote code execution (RCE). The connected record...
CVE-2026-57827 Joomla Extension - rsjoomla.com - Unauthenticated file upload in RSFiles component < 1.17.12
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-57828 Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...
CVE-2026-54801
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...
CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1
A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...
CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-53035 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-53035 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-48618 affecting package nodejs for versions less than 24.17.0-1
CVE-2026-48618 affecting package nodejs for versions less than 24.17.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...