677 matches found
CVE-2026-49854
Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...
ROOT-OS-UBUNTU-2404-CVE-2025-40156 CVE-2025-40156 in rootio-linux - Patched by Root
Root has patched CVE-2025-40156 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin LatePoint versions = 5.6.3...
CVE-2026-11398 LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-9272
CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...
CVE-2026-27433
Unauthenticated Broken Access Control in Motors = 5.6.80 versions...
CVE-2026-27433 WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Motors = 5.6.80 versions...
CVE-2026-27433
Unauthenticated Broken Access Control in Motors = 5.6.80 versions...
PT-2026-55053
Name of the Vulnerable Software and Affected Versions WPIDE – File Manager & Code Editor versions prior to 3.5.7 Description An unauthenticated Cross Site Request Forgery CSRF issue exists. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not intend to do ...
WordPress LatePoint – Calendar Booking plugin for Appointments and Events plugin <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator vulnerability
Authenticated Custom+ Privilege Escalation to Administrator vulnerability discovered by d.v4ns3c in WordPress Plugin LatePoint versions = 5.6.3...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...
OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
OpenAI on Friday released three versions of GPT-5.6 , called Sol, Terra, and Luna , as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficien...
EUVD-2026-39699
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...
Improper Enforcement of Behavioral Workflow
Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow through the improper handling of recovery codes in app-based multi-factor authentication...
CVE-2026-48166
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...
CVE-2026-48505
Filament’s MFA recovery-code handling (versions 4.0.0–4.11.5 and 5.6.5) allows the same recovery code to be reused under concurrent submissions. When recovery codes are enabled, an attacker with the user’s password and codes can establish multiple authenticated sessions per code, extending access...
CVE-2026-50656
creationtimestamp| type| source ---|---|--- 2026-06-17 02:00:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moh7qulrzn2n 2026-06-17 08:36:55+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-607 2026-06-17 10:00:59+00:00| seen|...
PT-2026-50359
Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...
CVE-2026-40785
Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...
Incorrect Resource Transfer Between Spheres
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via SimpleAsyncHTTPClient. An attacker can obtain sensitive credentials by exploiting...