7292 matches found
Quiz and Survey Master <= 8.1.4 - SQL Injection
ExpressTech Quiz And Survey Master versions up to 8.1.4 contain an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries; exploitation requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...
ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection
ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...
TerraMaster TOS < 4.2.06 - User Enumeration
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. id: CVE-2020-28185 info: name: TerraMaster TOS 4.2.06 - User Enumeration author: pussycat0x severity:...
Apache Spark - Authentication Bypass
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...
CVE-2026-9230
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress
EUVD-2026-36320
OpenClaw: Hook-triggered CLI runs could receive owner MCP tool authority...
UBUNTU-CVE-2026-53339
In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove. On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...
PYSEC-2026-529 Salt vulnerable to directory traversal attack in file receiving method
Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...
PYSEC-2026-436 SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. A patch is available on the master branch of the repository...
CVE-2026-9233
CVE-2026-9233 affects the WordPress plugin Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker up to version 11.1.4. The root cause is an authorization bypass in the AJAX action qsm_insert_quiz_template, allowing authenticated users with contributor-level access and above to create, modif...
EUVD-2026-39952
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-9233 Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-53030
A flaw was found in the Linux kernel, specifically within the i3c master renesas driver. This vulnerability is caused by a memory leak in the renesasi3ci3cxfers function, where an allocated xfer structure is not properly freed. An attacker could potentially exploit this to cause a denial of servi...
SUSE CVE-2026-53193
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing. When snd_timer object is freed via snd_timer_free and still pending snd_timer_instance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...
CVE-2026-56014
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions...
CVE-2026-56014 WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions...
CVE-2026-56014
CVE-2026-56014 concerns the WordPress Master Slider plugin (versions <= 3.11.2) and describes an Unauthenticated Cross Site Scripting (XSS) vulnerability. The connected sources confirm the affected product and version range and indicate that exploitation is possible without authentication, wit...
EUVD-2026-39377
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions...
PT-2026-52428
Name of the Vulnerable Software and Affected Versions: Master Slider versions prior to 3.11.3. Description: An unauthenticated cross-site scripting (XSS) flaw exists in the web-facing input handling. The issue stems from improper input validation and output encoding, which allows attacker-supplied...
PT-2026-52582
Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...