230468 matches found
GHSA-WF93-45JW-7689 vulnerabilities
Vulnerabilities for packages: graalvm, wazuh-manager-fips...
CVE-2026-8643 vulnerabilities
Vulnerabilities for packages: graalvm, wazuh-manager-fips...
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
MAL-2026-10515 Malicious code in nodemon-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f5aa35dd34f3c1d075d6ebee3f25a0445780f6f2c78d55a958868e530fe315 nodemon-web copies the source of the popular nodemon package verbatim and reuses Remy Sharp's author metadata and the...
CVE-2026-9820
Mattermost versions 11.7.x <= 11.7.2 and 10.11.x
CVE-2026-61985
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.3.7...
CVE-2026-61958
Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects License Manager for WooCommerce: from n/a through = 3.0.17...
CVE-2026-57772
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...
CVE-2026-57713
Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...
CVE-2026-57404
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through = 2.6.9...
CVE-2026-57400
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-57398
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...
MAL-2026-10431 Malicious code in @tailwind-ts/eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...
CVE-2026-9708
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...
CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs
Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...
CVE-2026-61958
CVE-2026-61958 concerns the WordPress plugin “License Manager for WooCommerce” (license-manager-for-woocommerce) versions up to 3.0.17. The issue is a Missing Authorization vulnerability that allows exploitation through incorrectly configured access control, enabling arbitrary content deletion wi...
CVE-2026-57772
CVE-2026-57772 concerns WP Inventory Manager (WordPress plugin) with an SQL Injection issue in the wp-inventory-manager component. The vulnerability is described as Blind SQL Injection and affects WP Inventory Manager versions up to and including 2.4.0 (and from an unspecified starting version). ...
CVE-2026-61985
CVE-2026-61985 affects the WordPress Car Rental Manager plugin (
CVE-2026-57772 WordPress WP Inventory Manager plugin <= 2.4.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...
CVE-2026-61985 WordPress Car Rental Manager plugin <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.3.7...