649679 matches found
CVE-2026-13378 Form Vibes <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via Contact Form 7 Form Field
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2026-13378 Form Vibes <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via Contact Form 7 Form Field
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
Security Bulletin: Multiple vulnerabbilities exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.
Summary IBM Tivoli Network Configuration Manager is affected by multiple security vulnerabilities in IBM SDK, Java Technology Edition. This bulletin addresses the IBM SDK, Java Technology Edition Quarterly Critical Patch Update CPU for April 2026, which includes Oracle's April 2026 Critical Patch...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
vuln-tracker
🔍 Vulnerability Tracking & Remediation Tracker A Python + SQL...
SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content
SiYuan v3.6.5 and earlier versions contain a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This is a neighbor-bug of CVE-2026-44588: the fix for -44588 used escapeAriaLab...
CVE-2026-57156
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...
CVE-2026-57157
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...
CVE-2026-57158
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...
CVE-2026-55827
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...
BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py
Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py Summary BabelDOC's vendored PDF parser babeldoc/pdfminer/cmapdb.py deserializes untrusted pickle data when loading CMap files. The loaddata method strips only NUL bytes from a PDF-controlled CMap name, then...
SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon
Summary The /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint invokes RenderDynamicIconContentTemplate, which executes a Go template tha...
Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)
Unbounded Row Index Allocation in Worksheet Parser checkSheet OOM/Panic DoS Summary The checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Excel row limit TotalRow...
Linux dup2 Command Shell, Reverse TCP Stager
dup2 socket in s1, then execve. Connect back to the attacker Module Options msf use payload/linux/riscv64le/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options... msf payloadreversetcp run...
Linux dup2 Command Shell, Bind TCP Stager
dup2 socket in s1, then execve. Listen for a connection Module Options msf use payload/linux/riscv32le/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf payloadbindtcp run frozenstringliteral:...
Linux dup2 Command Shell, Reverse TCP Stager
dup2 socket in s1, then execve. Connect back to the attacker Module Options msf use payload/linux/riscv32le/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options... msf payloadreversetcp run...
Linux dup2 Command Shell, Bind TCP Stager
dup2 socket in s1, then execve. Listen for a connection Module Options msf use payload/linux/riscv64le/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf payloadbindtcp run frozenstringliteral:...
MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826)
Summary GHSA-7r34-79r5-rcc9's fix added validateurlforssrf, which resolves the attacker-controlled X-Atlassian-Jira,Confluence-Url header host once at middleware time and trusts the result. But the outbound request is later built with the raw hostname and re-resolves at connect time with no IP...
SafeVault
SafeVault — Secure Coding, Authentication & Vulnerability Reme...
Exploit for Improper Input Validation in Motioneye_Project Motioneye
CVE-2025-60787 — motionEye Authenticated RCE Authenticated co...