CVE-2026-10104
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_thumbnail parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
A vulnerability in Ivanti Endpoint Manager (EPM) allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...
WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions <= 3.5.6...
WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions <= 1.0.8.2...
CVE-2026-10104
The Product Video Gallery for Woocommerce plugin (WordPress) is affected up to version 1.5.1.8 by a Stored Cross-Site Scripting flaw in the custom_thumbnail parameter, caused by insufficient input sanitization and output escaping. Exploitation requires shop manager-level access or higher (authent...
EUVD-2026-41269
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_thumbnail parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
ROOT-APP-NPM-CVE-2026-39365 CVE-2026-39365 in @rootio/vite - Patched by Root
Root has patched CVE-2026-39365 in the @rootio/vite package for Root:npm. Multiple fixed versions available...
CVE-2026-11578
The CVE concerns the Fluent Forms WordPress plugin prior to 6.2.5, where deletion of form submission entries is not properly restricted to forms a restricted Manager is authorized to manage. This misconfiguration allows a Manager limited to specific forms to permanently delete submission entries ...
CVE-2026-11578 Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR
The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager (X509TrustManager), it fails to perform...
EUVD-2026-38009
Rancher vulnerable to command injection through unsanitized YAML parameter...
Malicious code in vitest-agent (npm)
Source: amazon-inspector (6e0165cbb3d6ed37a96889c4b016463706346e1c09413635c31ea1ceedde8774). The package's postinstall script node lib/utils/index.js spawns a detached, stdio-suppressed Node child process that runs...
CVE-2026-58036
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...
CVE-2026-58036
The CVE-2026-58036 entry applies to Wikimedia Foundation MediaWiki. Affected components include ApiQueryAllUsers.php, ApiQueryUsers.php, PermissionManager.php, and UserGroupManager.php, with the underlying issue described as Exposure of Sensitive Information to an Unauthorized Actor. The known im...
CVE-2026-8387
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager._extract_to_cache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connection_from_url.urlopen with assert_same_host=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager (dlm) module. An attacker could send specially crafted network messages with an oversized length parameter to the dlm_dump_rsb_name function. This lack of validation can lead to an out-of-bounds write in the dlm_search_rsb_tree function,...