952 matches found
July 14, 2026-KB5101004 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2
None None...
CVE-2026-5523
The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...
Important: Red Hat Security Advisory: kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_130_1, and kpatch-patch-4_18_0-477_97_1 security update
An update for multiple packages is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2026-53643
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...
EUVD-2026-41279
Unauthenticated Cross Site Scripting XSS in Admin and Site Enhancements ASE Pro = 8.8.5 versions...
CVE-2026-14029
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
EUVD-2026-41271
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...
CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-8480
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...
CVE-2026-57320
Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...
EUVD-2025-210361
Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...
EUVD-2026-39753
Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...
CVE-2026-57325
The CVE-2026-57325 covers an unauthenticated Cross-Site Scripting (XSS) vulnerability in the WordPress NanoMag theme versions up to 1.8. The issue affects the NanoMag theme code path exposed to users, enabling XSS payloads without authentication. Documents confirm the affected product (WordPress ...
WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BNE Testimonials versions = 2.0.8...
PT-2026-52843
Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...
CVE-2026-49411 Deno Node TCPWrap numeric hostname aliases bypass --deny-net resolved-IP deny checks
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address fo...
EUVD-2026-11599
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature...
CVE-2026-54285
Opentelemetry-js (OpenTelemetry JavaScript client) is affected by CVE-2026-54285 through the W3CBaggagePropagator.extract() path in @opentelemetry/core prior to 2.8.0, where inbound baggage headers were not capped and could trigger memory allocation proportional to header size. The issue is fixed...
CVE-2026-56404
libexpat before 2.8.2 has an integer overflow in addBinding...
CVE-2026-56131
libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...