147414 matches found
EUVD-2026-43556
Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...
EUVD-2026-43542
Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
EUVD-2024-24347
GeoNode: Stored XSS to full account takeover...
CVE-2026-57411
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
EUVD-2026-43281
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and mig...
CVE-2026-57411 WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
CVE-2026-57411
The CVE-2026-57411 entry concerns the WordPress plugin cf7-views (Aman CF7 Views – Complete Entry Management for Contact Form 7) with a DOM-based XSS vulnerability due to improper neutralization during web page generation. Affected versions are up to 3.2.2. CVSS v3.1 base score is 7.1 (HIGH); att...
Vulnerabilities are being addressed in the Progress MOVEit Transfer process.
Progress has addressed vulnerabilities in MOVEit Transfer, specifically in the Custom Reports module and the Ad Hoc module. These vulnerabilities affect multiple versions of MOVEit Transfer, including 25.0.0 to 25.0.7, 25.1.0 to 25.1.3, and 26.0.0 just before 26.0.1. One vulnerability in the Cust...
CVE-2026-9708 Incoming webhook user attribution via unvalidated webhook owner
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...
CVE-2026-9708
Mattermost vulnerable versions (11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x
CVE-2026-12582
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...
CVE-2026-15536
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and mig...
CVE-2026-15532
A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...
CVE-2026-15533
A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...
CVE-2026-12582 Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...
CVE-2026-12582
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...
CVE-2026-15536
CVE-2026-15536 affects itsourcecode Hospital Management System 1.0. The vulnerability is in /patviewprescription.php where manipulating the delid parameter enables SQL injection . It allows remote exploitation and publicly available exploits exist.
Vulnerabilities found in Juniper Networks’ Junos OS and Junos OS Evolved
Juniper has identified several vulnerabilities in Junos OS and Junos OS Evolved, specifically related to devices in the MX Series, PTX Series, QFX Series, EX Series, SRX Series, and QFX10000 Series. These vulnerabilities affect various components of Junos OS and Junos OS Evolved, including the...
CVE-2026-15533
A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...