3043 matches found
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...
D-Link DNS-320 - Remote Code Execution
The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. id: CVE-2019-16057 info: name: D-Link DNS-320 - Remote Code Execution author: DhiyaneshDk severity: critical description: | The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerabl...
CVE-2026-0278
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
CVE-2026-0278
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
EUVD-2026-42688
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
CVE-2026-0278
Summary: CVE-2026-0278 affects the Prisma Access Agent on Windows, where multiple protection mechanism failures in the Data Loss Prevention (DLP) component allow bypass of DLP policy enforcement. The macOS agent is not affected. Affected versions: 24.0 through 26.2. Impact: DLP controls can be ci...
CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
CVE-2026-9235
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...
CVE-2026-9235
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...
EUVD-2026-42235
Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. As a result, an unauthenticated network client can open StreamExtSnapshot and send...
EUVD-2026-24979
comm: FIFO/pipe inputs are drained before comparison data loss / hang...
CVE-2026-50283
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...
EUVD-2026-40434
Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in...
CVE-2026-56286
Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in...
PT-2026-53810
Name of the Vulnerable Software and Affected Versions Premium Addons for KingComposer versions prior to 1.1.2 Description Missing authorization and capability checks in the add custom sidebar and remove custom sidebar AJAX handlers allow unauthenticated attackers to modify or delete data. These...
PT-2026-54030
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication bypass exists in the account deletion endpoint. This flaw allows the deletion of user accounts without requiring password re-authentication or secondary verification. Exploitation...
GHSA-M92M-R54R-X8R2 Statamic CMS's unsafe method invocation via collection sorting allows data destruction
Impact The fix for GHSA-4jjr-vmv7-wh4w was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could result in the loss of content and assets. This requires a front-end template that passes...
CVE-2026-53017
A flaw was found in the Linux kernel's f2fs filesystem. This vulnerability can lead to data loss when a file synchronization fsync operation on a newly created file occurs at the same time as a checkpoint operation. The system incorrectly assumes that a checkpoint has completed, which can result ...
CVE-2026-53061
A flaw was found in the Linux kernel's device-mapper dm cache component. This vulnerability arises from an incorrect assumption that table reloads only occur after suspension, which is violated by Logical Volume Manager LVM table preloading. The dirty mapping check for passthrough mode, performed...
Linux Distros Unpatched Vulnerability : CVE-2026-53061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af dm cache: share cache-metadata object across inactive and...