486336 matches found
CVE-2026-6040
A vulnerability was found in LibreOffice. If a user inadvertently opens a malicious OpenDocument Format ODF file, an attacker could execute unauthorized code and potentially gain full control of the system. Mitigation Users should exercise caution and avoid opening untrusted OpenDocument Format O...
CVE-2026-8357
A vulnerability has been identified in LibreOffice Calc. An application crash may occur if a user opens a malicious spreadsheet that contains excessively long formulas. Successful exploitation of this vulnerability could result in a denial of service or potentially lead to arbitrary code executio...
WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.10.2 - Authenticated (Author+) Remote Code Execution vulnerability
Authenticated Author+ Remote Code Execution vulnerability discovered by Yat in WordPress Plugin Offload, AI & Optimize with Cloudflare Images versions = 1.10.2...
CVE-2026-55742
Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...
CVE-2026-9815
The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...
CVE-2026-9860
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...
EUVD-2026-37854
Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...
EUVD-2026-37852
The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...
CVE-2026-9815
The CVE-2026-9815 entry concerns the MagicForm WordPress plugin (versions up to 0.1.3). The affected component is the file upload path via an unauthenticated AJAX action, where the per-field extension allowlist being empty leads to improper validation of uploaded file types. As a result, unauthen...
CVE-2026-9815 MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE
The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...
AzeoTech DAQFactory (Update A)
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...
CVE-2026-9860 Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...
CVE-2026-9860
The CVE-2026-9860 entry concerns the WordPress plugin “Offload, AI & Optimize with Cloudflare Images” (versions
EUVD-2026-37840
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...
Malicious code in stackus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a8032b910c8971e79e7d8b0e250ce4d61fd2a2206d6b319a5aed50e32490456 On require, lib/writer.js loaded transitively from the package's main pino.js collects the installer's full process.env together with host identifier...
MAL-2026-6098 Malicious code in stackus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a8032b910c8971e79e7d8b0e250ce4d61fd2a2206d6b319a5aed50e32490456 On require, lib/writer.js loaded transitively from the package's main pino.js collects the installer's full process.env together with host identifier...
[SECURITY] [DLA 4634-1] nginx security update
Debian LTS Advisory DLA-4634-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara June 17, 2026 https://wiki.debian.org/LTS Package : nginx Version : 1.18.0-6.1+deb11u7 CVE ID : CVE-2026-9256 Debian Bug : 1137339 A vulnerability was discoverd in Nginx, a...
SUSE CVE-2026-12443
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-12447
Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-12466
Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...