2459599 matches found
CVE-2026-56066 WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
EUVD-2026-39719
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
CVE-2026-56066 WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
CVE-2026-56059
The CVE-2026-56059 entry concerns the WordPress Travel Booking theme version up to 2.2.5, which is affected by an arbitrary file upload vulnerability in Subscriber context. The linked sources (NVD/CVE records) confirm the affected product and version range and classify the severity as critical wi...
CVE-2026-56059 WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...
CVE-2026-56059 WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...
EUVD-2026-39713
Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...
CVE-2026-56058
CVE-2026-56058 affects the WordPress Quform plugin, specifically versions up to 2.23.0, with a Subscriber Arbitrary File Upload vulnerability. The connected records confirm the affected product and vulnerability class but do not provide root-cause details or a patch/version to remediate within th...
CVE-2026-56058 WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
EUVD-2026-39712
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
CVE-2026-56058 WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
CVE-2026-56027
This CVE pertains to the WordPress Booster for WooCommerce plugin. The affected component is Booster for WooCommerce
EUVD-2026-39690
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
CVE-2026-56027 WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
CVE-2026-56027 WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
Security Bulletin: Multiple vulnerabilities affect IBM® Db2® Big SQL on IBM Software Hub.
Summary Multiple vulnerabilities have been addressed in IBM® Db2® Big SQL on IBM Software Hub. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...
CVE-2026-57527
Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...
CVE-2026-57527 ZAP ViewState Add-on Insecure Deserialization via JSFViewState.decode()
Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...