EUVD-2016-10876

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...

CVE-2016-20062 Simply Poll 1.4.1 Plugin for WordPress SQL Injection

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

CVE-2026-46315

A flaw was found in the Linux kernel's iouring subsystem, specifically within the IORINGOPWAITID operation. This vulnerability occurs because the waitid information structure is not properly initialized before being copied to userspace. A local user could exploit this to expose stale data from...

node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

A flaw was found in Forge also called node-forge, a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do n...

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2026-33829 - Security Vulnerability Quick Usage ba...

CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

CVE-2026-49741 TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

MITM (Man-in-the-Middle) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center

This High severity MITM Man-in-the-Middle vulnerability was introduced in versions 9.0.1, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This MITM Man-in-the-Middle vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

Injection axios Dependency in Bitbucket Data Center

This High severity Injection vulnerability was introduced in versions 9.4.12, 10.2.0, and 10.3.0 of Bitbucket Data Center. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an unauthenticated attacker to modify the...

Injection axios Dependency in Bitbucket Data Center

This High severity Injection vulnerability was introduced in versions 9.4.12, 10.2.0, and 10.3.0 of Bitbucket Data Center. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N allows an unauthenticated attacker to modify the...

DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

DoS (Denial of Service) @isaacs/brace-expansion Dependency in Bitbucket Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

CVE-2026-10731

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

CVE-2026-4058

The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...

CVE-2026-25699

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

WordPress 6Storage Rentals plugin <= 2.26.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by g0wthr in WordPress Plugin 6Storage Rentals versions = 2.26.0...

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

CVE-2026-28262

Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering...