CVE-2013-0051
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none...
CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...
CVE-2026-2570
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2026-1452
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2026-2019
The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...
CVE-2025-11737 VK All in One Expansion Unit <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnit_sns_title' parameter in all versions up to, and including, 9.112.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2025-11737
The VK All in One Expansion Unit for WordPress is affected by CVE-2025-11737: Stored Cross-Site Scripting via the vkExUnit_sns_title/SNS title parameter in all versions up to 9.112.3. Exploitation requires Contributor+ authenticated access; payloads execute when users load injected pages. Support...
nodejs: Nodejs uninitialized memory exposure
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...
PT-2026-20963
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15. Description: OpenClaw embedded the current working directory workspace path into the agent system prompt without proper sanitization. An attacker could potentially exploit this by creating a directory with...
Medium: python3.13
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
WordPress VK All in One Expansion Unit plugin <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via SNS Title vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin VK All in One Expansion Unit versions <= 9.112.3...
CVE-2025-33101
IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory...
CVE-2025-27903
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2025-27903
CVE-2025-27903 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Affected component is the Recovery Expert for Linux/UNIX/Windows; the underlying issue is transmission of data over a cleartext channel, enabling potential MITM interception to obtain sensitive information. The accompanyi...
CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2026-0102
CVE-2026-0102 affects Microsoft Edge (Chromium-based) with a vulnerability where, under specific conditions, a malicious webpage can trigger autofill population after two consecutive taps, potentially disclosing stored autofill data (addresses, email, phone number metadata). Connected documents i...
CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
...