271 matches found
CVE-2026-14029
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
Security Bulletin: NVIDIA AIStore Framework - June 2026
NVIDIA has released a software update for NVIDIA® AIStore™ framework. To protect your system, download and install the latest version of the NVIDIA AIStore framework. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update...
CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-57667
Sales Representative SQL Injection in Groundhogg = 4.5 versions...
CVE-2026-56055
Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...
CVE-2026-57667 WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability
Sales Representative SQL Injection in Groundhogg = 4.5 versions...
EUVD-2026-39671
Sales Representative SQL Injection in Groundhogg = 4.5 versions...
EUVD-2026-39710
Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...
WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Groundhogg versions = 4.5...
EUVD-2026-39615
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-46607
CVE-2026-46607 describes an insecure deserialization vulnerability in Glances, where a version-check cache file (~/.cache/glances/glances-version.db) is loaded with pickle without validation. An attacker with write access to the cache path can introduce a malicious pickle and achieve arbitrary co...
CVE-2026-9643
WP Meta SEO for WordPress insert(). This allows injection of arbitrary scripts that execute when an administrator visits the 404 & Redirects admin page (/wp-admin/admin.php?page=metaseo_broken_link). Exploitation details are not provided beyond the generic flow; no fixes, mitigations, or exploita...
CVE-2026-48872
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
PT-2026-49480
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
PT-2026-47171
A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...
CVE-2026-2712
The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...
Vinades NukeViet 跨站脚本漏洞
Vinades NukeViet is an open-source content management system CMS developed by the Vietnamese company Vinades. Versions of Vinades NukeViet 4.5.07 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input cleansing on the server side, which could lead...
CVE-2026-44065
An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...
EUVD-2026-31216
Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...
EUVD-2026-31213
An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...