370 matches found
WordPress WP Customer Area plugin <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP Customer Area versions = 8.3.5...
CVE-2026-57719
Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...
CVE-2026-57398 WordPress Real Estate Manager Pro plugin <= 12.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...
CVE-2026-55830
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...
CVE-2026-55830
Vulnerability summary (CVE-2026-55830) : In RestrictedPython, prior to version 8.3, check_function_argument_names() failed to reject protected guard hook names for positional-only arguments, enabling a local parameter to shadow special names such as getattr , getitem , write , or print . This cou...
CVE-2026-55830
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...
CVE-2026-55830 RestrictedPython guard hooks can be shadowed via positional-only arguments
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...
CVE-2026-14355
In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
CVE-2026-57362
Unauthenticated Cross Site Scripting XSS in ChatBot = 8.3.2 versions...
EUVD-2026-41008
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...
CVE-2026-54847
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
CVE-2026-30041
An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service DoS via supplying a crafted PSD file...
EUVD-2026-39684
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
Oracle Linux 9 : php:8.3 (ELSA-2026-22142)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22142 advisory. php 8.3.31-2 - drop capstone dependency on i686 8.3.31-1 - rebase to 8.3.31 php-pecl-apcu 5.1.23-1 - update to 5.1.23 for PHP 8.2 RHEL-14699 5.1.21-1 ...
CVE-2025-62180 Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...
CVE-2026-53571 Vite: `server.fs.deny` bypass on Windows alternate paths
Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...
CVE-2026-42661
Custom role Path Traversal in WP Customer Area = 8.3.4 versions...
vite: `server.fs.deny` bypass on Windows alternate paths
Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...
CVE-2025-7018 Avira antivirus engine null pointer dereference when scanning a malformed PE file
Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64...