36113 matches found
ROOT-APP-NPM-CVE-2026-54285 CVE-2026-54285 in @rootio/opentelemetry__core - Patched by Root
Root has patched CVE-2026-54285 in the @rootio/opentelemetrycore package for Root:npm. Multiple fixed versions available...
Social Login by BestWebSoft < 0.2 - Cross-Site Scripting
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...
WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery SSRF via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2023-5974 info: nam...
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...
WordPress WPB Show Core - Cross-Site Scripting
WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...
CVE-2026-48805
Twig vulnerability CVE-2026-48805: Affected: Twig (PHP template engine); issue arises before 3.27.0 in deprecated internal wrappers in src/Resources/core.php. Root cause: Sandbox state is not forwarded to CoreExtension::checkArrow(), arraySome(), and arrayEvery() when using legacy helpers twig_ch...
CVE-2026-15773
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-48758 sigstore-js: DSSE payloadType type-binding failure
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE string to bytes, allowing payloadType to be mutated after signing without invalidating the signature...
CVE-2026-15773
CVE-2026-15773 is a Use-After-Free in Chrome’s Core on Windows prior to 150.0.7871.125 that could allow a remote attacker to achieve a sandbox escape via a crafted HTML page. The vulnerability affects Google Chrome Windows builds and is tracked in multiple sources. No exploitation status is provi...
CVE-2026-47303
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network...
CVE-2026-47300
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network...
CVE-2026-47303
CVE-2026-47303 affects ASP.NET Core. Authentication bypass by assumed-immutable data enables an authorized attacker to elevate privileges over a network. From the provided metrics, the CVSS v3.1 base score is 8.8 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: LOW, ...
CVE-2026-47300 ASP.NET Core Elevation of Privilege Vulnerability
...
CVE-2026-47300
The vulnerability CVE-2026-47300 affects ASP.NET Core and is due to an incorrect implementation of the authentication algorithm that could allow an authorized attacker to elevate privileges over a network. The CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, a...
CVE-2026-50437
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...
CVE-2026-50359
Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally...
CVE-2026-45646
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...
CVE-2026-58541
CVE-2026-58541 — Windows DWM Core Library Elevation of Privilege due to a type confusion in DWM. Affected component: Windows DWM Core Library/DWM (Windows OS). Description from sources: Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to e...
CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability
...
CVE-2026-50359
CVE-2026-50359 is a Microsoft XML Core Services elevation-of-privilege vulnerability described as a use-after-free issue. The NVD/NCSC/CIRCL entries confirm local privilege escalation for an authorized user. No exploit vectors are provided in the documents. Microsoft has released updates addressi...