3043 matches found
CVE-2026-40845 Authenticated SQLi in devices_configuration view
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40839 Authenticated SQLi in getComponentScalings function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
EUVD-2026-32121
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-9236
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...
WordPress plugin CM Ad Changer 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-43857
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the slub allocator where the krealloc and kvrealloc functions can cause data loss or buffer overflows. This occurs during the reallocation fallback path when forcing a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of the EXT4GETBLOCKSCONVERT flag when ext4 divides a partition without...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the krealloc function in Slub, causing data loss and buffer overflow issues during NUMA migration...
CVE-2026-45990
slub: fix data loss and overflow in krealloc...
CVE-2026-48134
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...
EUVD-2026-31821
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...
CVE-2026-48134
The CVE-2026-48134 issue affects Check Point’s UserCheck Portal when the DLP blade is active, applying to UserCheck’s Web Portal UserChoice input handling. The root cause is an input-handling flaw that could allow an attacker with access to the UserCheck Ask page to manipulate stored DLP/UserChec...
CVE-2026-48134 SQL injection issue in UserCheck Portal when DLP Software Blade is active
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...
CVE-2026-48134
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...
Check Point Security Gateway 安全漏洞
Check Point Security Gateway is a series of network security gateway devices developed by Check Point in Israel. There is a security vulnerability in Check Point Security Gateway, which stems from an input processing issue in the UserCheck Web Portal during the DLP activation process. This...
PT-2026-43238
Name of the Vulnerable Software and Affected Versions Security Gateway affected versions not specified Description An input-handling issue exists in the UserChoice flow of the UserCheck Web Portal when DLP is active. An attacker with access to the UserCheck Ask page can manipulate stored...
CVE-2026-28380
A flaw was found in Grafana. An authenticated user with editor privileges could exploit a Broken Access Control BAC vulnerability in the Snapshot API. This flaw allows an editor to delete any dashboard snapshot, even those they do not have explicit read or write access to, leading to unauthorized...
EUVD-2026-31333
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-4843
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...