1607 matches found
WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...
EUVD-2026-43068
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...
CVE-2026-38059 ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...
CVE-2026-38057
The CVE-2026-38057 entry affects the iDirect iQ200 series. The issue is CSRF on state-changing API endpoints, specifically the /api/reboot POST endpoint, which accepts requests authenticated only by a session cookie that lacks the SameSite attribute. A remote attacker can lure an authenticated ad...
CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery
The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...
CVE-2026-13742
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...
CVE-2026-13742 Lack of signature verification before execution of downloaded content
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...
CVE-2026-13742
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...
EUVD-2026-40126
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...
Tealium iQ Tag Management - Critical - PHP object injection - SA-CONTRIB-2026-064
The Tealium iQ Tag Management module provides Drupal integration with Tealium iQ. tealiumiq stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an Object Injection vulnerability when the data are unserialized. This...
CVE-2026-8806
Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...
EUVD-2026-37975
Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...
CVE-2026-8806
Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...
CVE-2026-8806
The CVE-2026-8806 entry concerns Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (FX5-ENET/IP), with all versions affected. The vulnerability is described as an Expected Behavior Violation that could allow a remote attacker to cause a DoS by flooding the Ethernet port with a hi...
CVE-2026-8805 Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module
Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a larg...
CVE-2026-8805
CVE-2026-8805 affects the MELSEC iQ-F Series EtherNet/IP module FX5-EIP (versions 1.000 and prior). The bug is an integer overflow/wraparound in the EtherNet/IP function that can be triggered remotely by rapidly opening many TCP connections, causing a DoS through an inconsistency in internal conn...
CVE-2026-0274
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...
CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...
CVE-2026-41959
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...
CVE-2026-22054
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...