56464 matches found
CVE-2026-15103
The CVE affects the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell WordPress plugin. All versions up to 3.12.8 are vulnerable to privilege escalation via an insecure update_settings() REST callback that does not validate the group_id path parameter against an allowlis...
CVE-2026-50144
A flaw was found in ncnn, a high-performance neural network inference framework. A remote attacker could craft a malicious model file that, when processed by a user, triggers an out-of-bounds heap write. This vulnerability in the ncnn::ParamDict::loadparam function is caused by insufficient...
MINI-4QJ2-P73Q-CWMM
Bulletin has no description...
EUVD-2026-44894
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-53366
creationtimestamp| type| source ---|---|--- 2026-07-16 07:43:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqqgthqbh2s 2026-07-16 17:31:03+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116930842680877521...
ROOT-OS-DEBIAN-13-CVE-2026-23373 CVE-2026-23373 in rootio-linux - Patched by Root
Root has patched CVE-2026-23373 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-46216 CVE-2026-46216 in rootio-linux - Patched by Root
Root has patched CVE-2026-46216 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-68776 CVE-2025-68776 in rootio-linux - Patched by Root
Root has patched CVE-2025-68776 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
CVE-2026-52960 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
CVE-2026-53447
Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter.js without invoking canExport or checking source-board membership. Any authenticated user who kno...
CVE-2026-55398
creationtimestamp| type| source ---|---|--- 2026-07-15 22:00:21+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpptm4mdb2w...
CVE-2026-40953
creationtimestamp| type| source ---|---|--- 2026-07-15 21:00:10+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpmhxmhi52n...
CVE-2026-46684
creationtimestamp| type| source ---|---|--- 2026-07-15 20:48:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqplsfbiqb2l 2026-07-16 00:24:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpxv6enic2a 2026-07-18 04:16:04+00:00| seen|...
Improper Authentication
Apollo ConfigService is vulnerable to Improper Authentication. The vulnerability is due to improper validation of non-canonical appId values during authentication, which allows an attacker to bypass AccessKey or management key protections and gain unauthorized access to protected configuration da...
CVE-2026-48038 vulnerabilities
Vulnerabilities for packages: kubeflow-katib...
CVE-2026-52869
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...
CVE-2026-50144 ncnn: Out-of-bounds heap write in ParamDict::load_param via unchecked negative parameter id
ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write in ncnn::ParamDict::loadparam when Net::loadparam loads a malicious .param model file because th...
CVE-2026-50144
ncnn (mobile-optimized neural network framework) contains an out-of-bounds heap write in ParamDict::load_param() when loading a malicious .param model, caused by a negative parameter id indexing before params[NCNN_MAX_PARAM_COUNT]. This is exploitable via Net::load_param() and is fixed by commit ...
CVE-2026-50144 ncnn: Out-of-bounds heap write in ParamDict::load_param via unchecked negative parameter id
ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write in ncnn::ParamDict::loadparam when Net::loadparam loads a malicious .param model file because th...
CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...