590151 matches found
CVE-2026-40783
The CVE concerns WordPress Blocksy Companion Pro plugin, affected at versions
CVE-2024-52488
CVE-2024-52488 affects WordPress Grip theme (versions ≤ 1.0.9). The issue is an Arbitrary Plugin Activation/Deactivation vulnerability leading to RCE, requiring Subscriber privileges. Patch status is not clearly available in the provided docs; Patchstack indicates high risk with a potential explo...
CVE-2024-52488 WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
Vulnerabilities in Oracle Fusion Middleware products
Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
kernel: netfilter: nf_tables: release flowtable after rcu grace period on error
A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
CVE-2026-0081
In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor JCE to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...
VMware VRealize Network Insight - Remote Code Execution
VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...
CVE-2026-53876
RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...
Malicious code in metrics-probe-dc85 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aaa3316d23c1a348fb5c68a36eb775ca51f90d0e44973508dd5a8ba5a139e932 On install, package.json declares postinstall: node run.js, which auto-executes run.js when the package is installed. run.js imports os, fs, http,...
Malicious code in pkg-telemetry-r4f9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine childprocess, os, and http modules to collect...
MAL-2026-5990 Malicious code in pkg-telemetry-r4f9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine childprocess, os, and http modules to collect...
Malicious code in params-valid-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 397af72237ba3626ac4727497662530f602c2ce6ec71406f48b508055687366c The package presents itself as 'Simplified HTTP request client' and copies identity metadata from Mikeal Rogers' legitimate request package bugs URL...
MAL-2026-5988 Malicious code in params-valid-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 397af72237ba3626ac4727497662530f602c2ce6ec71406f48b508055687366c The package presents itself as 'Simplified HTTP request client' and copies identity metadata from Mikeal Rogers' legitimate request package bugs URL...