171 matches found
CVE-2026-46710
Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the...
CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...
CVE-2026-46710
Notepad++ is affected by a local privilege escalation vulnerability in the installer (CVE-2026-46710) detected in versions 8.9.4–8.9.6. During installation, the installer launches powershell.exe without an absolute path after setting the working directory to the installation contextMenu directory...
PT-2026-52972
Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.9.4 through 8.9.5 Description The installer contains a local privilege escalation issue. During the installation process, the installer invokes powershell.exe without specifying an absolute path after setting the working...
CVE-2026-9709
The CVE-2026-9709 entry describes a vulnerability in the Premium Cornerstone page builder bundled with the X Theme (WordPress plugin) prior to version 7.8.9. The root cause is missing capability checks on one REST API route, allowing any authenticated user to disclose metadata of other users, inc...
CVE-2018-25392 MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...
Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Loop with unreachable exit...
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability...
WordPress Simple Link Directory plugin <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Simple Link Directory versions <= 8.9.2...
Oracle MySQL Server 9.x.x < 9.7.0 (April 2026 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...
PT-2026-32087
Name of the Vulnerable Software and Affected Versions The GreenShift - Animation and Page Builder Blocks plugin for WordPress versions up to and including 12.8.9 Description The GreenShift - Animation and Page Builder Blocks plugin for WordPress is susceptible to Stored Cross-Site Scripting due t...
WordPress plugin GreenShift - Animation and Page Builder Blocks cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
JLSEC-2026-67
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-21)
Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope. Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via...
GitLab 12.10 < 18.8.9 / 18.9 < 18.9.5 / 18.10 < 18.10.3 (CVE-2026-1092)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2026:6278)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6278 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
CVE-2026-29101
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...
CVE-2026-29097
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS) condition in the RSS Feed Dashlet component. Versions 7.15.1 an...
CVE-2026-29102
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...
CVE-2026-29099
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user-controlled $id parameter. It is assumed that the...