960 matches found
JoomSport <= 5.7.7 - SQL Injection
The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...
ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root
Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
CVE-2026-57770
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through = 5.7.8...
CVE-2026-57770
The CVE-2026-57770 entry concerns Deserialization of Untrusted Data in the WordPress Theme Grand Photography plugin/theme. Affected: Grand Photography versions up to 5.7.8. Root cause: PHP object injection arising from untrusted data deserialization. Impact: high confidentiality, integrity, and a...
EUVD-2026-42860
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-13010
The CVE-2026-13010 entry concerns the JoomSport plugin for WordPress (Team & League, Football, Hockey & more). Affected versions: all up to and including 5.7.9. Vulnerability type: time-based SQL Injection via the 'event' shortcode attribute, caused by insufficient escaping of the user-supplied p...
CVE-2025-69155
Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...
EUVD-2026-41265
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-12134 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-12133
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...
WordPress Fitness Zone WordPress Theme theme <= 6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fitness Zone WordPress Theme versions = 6.0...
MINI-MX7M-PFRJ-5X7M
Bulletin has no description...
CVE-2026-48814
Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions
CVE-2026-48814 Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)
Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701 in version 5.4.5 by closing the CORS flaw wit...
EUVD-2026-37767
In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...
PT-2026-50174
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description The MicrosoftAgent365Trigger and StripeTrigger nodes fail to validate inbound requests. This allows an unauthenticated attacker with knowledge of the webhook URL to submit a...
EUVD-2026-36839
Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...
CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...
CVE-2026-53694
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...
CVE-2026-42266
A flaw was found in JupyterLab, an extensible environment for interactive computing. The PyPI Extension Manager, responsible for installing extensions, failed to properly enforce its allow-list of approved extensions. This vulnerability allowed for the installation of unauthorized extensions from...