434 matches found
CVE-2026-57828
The CVE-2026-57828 entry concerns the Joomla extension Phoca Downloads (Phoca.cz) with an authenticated arbitrary file upload vulnerability in the RSFiles component prior to 6.1.3. The issue allows registered users to upload executable files, enabling full remote code execution (RCE). The provide...
EEF-CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension
Summary The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls\handshake\1\3:handle\pre\shared\key/3, an OfferedPreSharedKeys...
CVE-2026-5138
creationtimestamp| type| source ---|---|--- 2026-07-02 00:35:08+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmrxhtt7u2q 2026-07-02 02:11:31+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmxdt3ckv2y 2026-07-02 08:15:52+00:00| seen|...
CVE-2025-63041 WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability
Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...
EUVD-2026-39554
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
EUVD-2026-39372
Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...
EUVD-2026-39361
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
CVE-2026-11877
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...
CVE-2026-8622
The CVE-2026-8622 entry concerns the WordPress plugin Image Sizes on Demand (versions affected: all up to and including 1.3). The vulnerability is a Reflected Cross-Site Scripting (XSS) via the PHP_SELF server variable caused by insufficient input sanitization and output escaping. It allows unaut...
CVE-2026-3652
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-3652 ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-3652
CVE-2026-3652: The ARForms WordPress plugin is vulnerable to an Unauthenticated Stored Cross-Site Scripting (XSS) via the value parameter of the arf_save_incomplete_form_data AJAX action. Affected are all versions up to 7.1.3. The root cause is insufficient input sanitization and output escaping,...
PT-2026-51650
Name of the Vulnerable Software and Affected Versions ARForms versions prior to 7.1.4 Description Insufficient input sanitization and output escaping in the ARForms plugin allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. By exploiting the value parameter of the arf save...
PT-2026-51819
Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions prior to 5.1.3 Description An unauthorized user can modify configuration through API calls, which impacts the OpenText Access Manager. Recommendations Update OpenText Access Manager to version 5.1.3 or later...
CVE-2026-41049 Caching of Authentication allows Authentication Bypass between users in qSnapper
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...
EUVD-2025-210259
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...
CVE-2026-40733
Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...
CVE-2025-69125
Technical details about CVE-2025-69125 (WordPress Food Drop theme ≤1.3 LFI) are not provided in the supplied documents. Monitor for updates and future advisories to obtain affected versions, impact, and remediation information.
EUVD-2026-36913
Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...