8048 matches found
CVE-2026-42447
jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived from .so file path components inside an APK into an HTML panel without escaping. A malicious APK wit...
CVE-2026-42447
CVE-2026-42447 affects jadx (Dex to Java decompiler). The HTML injection occurs in the Summary tab via SummaryNode.java, which unescapes and inserts path components from an APK’s .so file entries into HTML without escaping. A malicious APK with a crafted HTML URL-encoded ZIP entry name can render...
CVE-2026-4017
Buffer Overflow in the entry handler of the TraceEvent system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...
CVE-2026-4017
The CVE-2026-4017 entry concerns a buffer overflow in the TraceEvent() system call entry handler for the QNX Neutrino kernel (affecting QNX Software Development Platform and QNX OS for Safety). The underlying issue, a buffer overflow in the entry handler, could enable a local attacker to cause in...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
ROOT-OS-UBUNTU-2204-CVE-2026-43116 CVE-2026-43116 in rootio-linux - Patched by Root
Root has patched CVE-2026-43116 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-38660 CVE-2025-38660 in rootio-linux - Patched by Root
Root has patched CVE-2025-38660 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-23071 CVE-2026-23071 in rootio-linux - Patched by Root
Root has patched CVE-2026-23071 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-46245 CVE-2026-46245 in rootio-linux - Patched by Root
Root has patched CVE-2026-46245 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...
CVE-2026-15605
The vulnerability CVE-2026-15605 affects wandb 0.25.2.dev1, specifically the ArtifactManifestEntry.download path in wandb/sdk/lib/hashutil.py under Artifact Integrity Validation. The issue is described as the use of a weak hash due to manipulating the ArtifactManifestEntry.download, with the atta...
CGA-52RR-HPV6-5JXX
Bulletin has no description...
CVE-2026-57411
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
CVE-2026-57411 WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
CVE-2026-57411
The CVE-2026-57411 entry concerns the WordPress plugin cf7-views (Aman CF7 Views – Complete Entry Management for Contact Form 7) with a DOM-based XSS vulnerability due to improper neutralization during web page generation. Affected versions are up to 3.2.2. CVSS v3.1 base score is 7.1 (HIGH); att...
CVE-2026-12081 Database for Contact Form 7, WPforms, Elementor forms < 1.5.2 - Unauthenticated PHP Object Injection via Entry File Field
The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...
CVE-2026-12081
CVE-2026-12081 affects the Database for Contact Form 7, WPforms, and Elementor forms WordPress plugin (versions before 1.5.2). The issue arises from unserializing an attacker-supplied form-field value without restricting PHP classes, allowing unauthenticated users to inject arbitrary PHP objects ...
MINI-C645-J392-74H9
Bulletin has no description...
ECHO-5B7B-7765-6253
Bulletin has no description...
CVE-2026-9017
The CVE describes an authorization bypass in the NEX-Forms – Ultimate Forms Plugin for WordPress (vulnerable up to and including 9.2.2). The underlying issue is that the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to overwrite...