36104 matches found
Social Login by BestWebSoft < 0.2 - Cross-Site Scripting
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...
WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery
The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery SSRF via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2023-5974 info: nam...
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...
WordPress WPB Show Core - Cross-Site Scripting
WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...
CVE-2026-48805
Twig vulnerability CVE-2026-48805: Affected: Twig (PHP template engine); issue arises before 3.27.0 in deprecated internal wrappers in src/Resources/core.php. Root cause: Sandbox state is not forwarded to CoreExtension::checkArrow(), arraySome(), and arrayEvery() when using legacy helpers twig_ch...
CVE-2026-48758 sigstore-js: DSSE payloadType type-binding failure
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE string to bytes, allowing payloadType to be mutated after signing without invalidating the signature...
CVE-2026-15773
CVE-2026-15773 is a Use-After-Free in Chrome’s Core on Windows prior to 150.0.7871.125 that could allow a remote attacker to achieve a sandbox escape via a crafted HTML page. The vulnerability affects Google Chrome Windows builds and is tracked in multiple sources. No exploitation status is provi...
CVE-2026-47303
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network...
CVE-2026-47300
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network...
CVE-2026-47303
CVE-2026-47303 affects ASP.NET Core. Authentication bypass by assumed-immutable data enables an authorized attacker to elevate privileges over a network. From the provided metrics, the CVSS v3.1 base score is 8.8 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: LOW, ...
CVE-2026-47300 ASP.NET Core Elevation of Privilege Vulnerability
...
CVE-2026-47300
The vulnerability CVE-2026-47300 affects ASP.NET Core and is due to an incorrect implementation of the authentication algorithm that could allow an authorized attacker to elevate privileges over a network. The CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, a...
CVE-2026-50437
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...
CVE-2026-50359
Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally...
CVE-2026-58541
CVE-2026-58541 — Windows DWM Core Library Elevation of Privilege due to a type confusion in DWM. Affected component: Windows DWM Core Library/DWM (Windows OS). Description from sources: Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to e...
CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability
...
CVE-2026-50359
CVE-2026-50359 is a Microsoft XML Core Services elevation-of-privilege vulnerability described as a use-after-free issue. The NVD/NCSC/CIRCL entries confirm local privilege escalation for an authorized user. No exploit vectors are provided in the documents. Microsoft has released updates addressi...
CVE-2026-50437 Windows DWM Core Library Information Disclosure Vulnerability
...
CVE-2026-50437
CVE-2026-50437 describes an out-of-bounds read in Windows DWM Core Library that could allow an authenticated local attacker to disclose information. Public docs identify the affected component (Windows DWM Core Library) and the impact (local information disclosure) with a CVSSv3.1 base score of 5...
CVE-2026-50331
CVE-2026-50331 is a Windows Application Model Core API elevation-of-privilege vulnerability caused by a use-after-free issue. It affects the Windows Application Model Core API component and allows an authorized attacker with local access to elevate privileges. Microsoft has issued updates to addr...