486394 matches found
WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.10.2 - Authenticated (Author+) Remote Code Execution vulnerability
Authenticated Author+ Remote Code Execution vulnerability discovered by Yat in WordPress Plugin Offload, AI & Optimize with Cloudflare Images versions = 1.10.2...
CVE-2026-55742
Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...
CVE-2026-9815
The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...
CVE-2026-9860
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...
EUVD-2026-37854
Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...
EUVD-2026-37852
The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...
CVE-2026-9815
The CVE-2026-9815 entry concerns the MagicForm WordPress plugin (versions up to 0.1.3). The affected component is the file upload path via an unauthenticated AJAX action, where the per-field extension allowlist being empty leads to improper validation of uploaded file types. As a result, unauthen...
CVE-2026-9815 MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE
The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...
AzeoTech DAQFactory (Update A)
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...
CVE-2026-9860 Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...
CVE-2026-9860
The CVE-2026-9860 entry concerns the WordPress plugin “Offload, AI & Optimize with Cloudflare Images” (versions
EUVD-2026-37840
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...
MAL-2026-6098 Malicious code in stackus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a8032b910c8971e79e7d8b0e250ce4d61fd2a2206d6b319a5aed50e32490456 On require, lib/writer.js loaded transitively from the package's main pino.js collects the installer's full process.env together with host identifier...
Malicious code in stackus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a8032b910c8971e79e7d8b0e250ce4d61fd2a2206d6b319a5aed50e32490456 On require, lib/writer.js loaded transitively from the package's main pino.js collects the installer's full process.env together with host identifier...
[SECURITY] [DLA 4634-1] nginx security update
Debian LTS Advisory DLA-4634-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara June 17, 2026 https://wiki.debian.org/LTS Package : nginx Version : 1.18.0-6.1+deb11u7 CVE ID : CVE-2026-9256 Debian Bug : 1137339 A vulnerability was discoverd in Nginx, a...
SUSE CVE-2026-12443
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-12447
Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-12466
Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-12569
A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...
EUVD-2026-37831
A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...