1864 matches found
Good Layers LMS Plugin <= 2.1.4 - SQL Injection
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...
CVE-2026-58595
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network...
Microsoft Bing App for IOS Spoofing Vulnerability
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-11367
The PixMagix WordPress Image Editor plugin (versions up to 1.7.2) is affected by a Directory Traversal flaw in move_image_on_server, allowing authenticated users with author+ rights to write attacker-controlled files to arbitrary server paths via the unsanitized layers[].id parameter being concat...
WordPress PixMagix – WordPress Image Editor plugin <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter vulnerability
Authenticated Author+ Path Traversal in 'layers.id' Parameter vulnerability discovered by devploit in WordPress Plugin PixMagix WordPress Image Editor versions = 1.7.2...
SUSE CVE-2026-55092
Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...
Improper Restriction of Rendered UI Layers or Frames
Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the NbconvertFileHandler and NbconvertPostHandler classes when rendering user-authored notebook HTML without a proper sandbox directive in the Content-Security-Policy. An attacker...
BIT-GITLAB-2026-10733 Improper Restriction of Rendered UI Layers or Frames in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization...
PT-2026-48927
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The get versioned path method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...
CVE-2026-10733 Improper Restriction of Rendered UI Layers or Frames in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization...
CVE-2026-10733
GitLab CVE-2026-10733 affects GitLab CE/EE versions prior to 18.10.8 (from 17.0 line), 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2. Root cause: improper sanitization that could allow an authenticated user to cause a denial-of-service on the CI/CD Catalog page. Remediation: upgrade to the pat...
MCP Server Kubernetes 安全漏洞
MCP Server Kubernetes is a Kubernetes management server developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from access control being executed at the tool discovery layer but not at the execution layer,...
Improper Restriction of Rendered UI Layers or Frames
Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to missing security headers in the internal/web/ and internal/api/ response paths. An attacker can compromise the confidentiality and integrity of sensitive operations, such as...
An AI Security Agent for University ACMIS: Multi-Vector Threat Detection and Automated Response
University Academic Management Information Systems ACMIS are high-value targets for a wide spectrum of security threats including brute-force login attacks, payment fraud, privilege escalation, insider data theft, and academic integrity violations. Traditional rule-based intrusion detection syste...
Dissecting the Black Box: Circuit-Level Analysis of LLM Vulnerability Detection
Large language models LLMs can detect software vulnerabilities, but how do they actually identify vulnerable code? We address this question using mechanistic interpretability; analyzing the internal computations of a neural network to understand its reasoning process.Using Circuit Tracer on...
CVE-2026-9396
A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...
CVE-2026-9396
The CVE-2026-9396 entry concerns Besen BS20 EV Charging Station firmware (up to 20260426). Affected component: Firmware Version Check. The vulnerability is caused by an issue in the UI layer rendering, where manipulation can cause improper restriction of rendered UI layers. The attack is describe...
CVE-2026-9396
A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...
CVE-2026-9396 Besen BS20 EV Charging Station Firmware Version Check ui layer
A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...
PT-2026-42620
Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...