2864 matches found
EUVD-2026-37821
Steeltoe: OAEP setting silently selects PKCS1 v1.5 padding...
CVE-2026-42382
Unauthenticated Local File Inclusion in Audrey = 1.5 versions...
CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Audrey = 1.5 versions...
CVE-2026-14029
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-11594
CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...
EUVD-2026-40396
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...
Important: Red Hat Security Advisory: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Security Bulletin: NVIDIA AIStore Framework - June 2026
NVIDIA has released a software update for NVIDIA® AIStore™ framework. To protect your system, download and install the latest version of the NVIDIA AIStore framework. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update...
CVE-2026-43724
CVE-2026-43724 affects macOS Tahoe (kernel) and is described as an issue where an app may be able to cause unexpected system termination or write kernel memory. The fixed variant is addressed by improved input sanitization and is released in macOS Tahoe 26.5.2 (also reflected for iOS 26.5.2 and i...
PYSEC-2026-261 NASA AIT-Core vulnerable to remote code execution
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...
PT-2026-53706
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A double free issue, which occurs when the system attempts to free the same memory location twice, was addressed with improved memory...
CVE-2026-13333
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
PT-2026-53038
Name of the Vulnerable Software and Affected Versions Ivory Search – WordPress Search Plugin versions prior to 5.5.16 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site Scripting XSS...
CVE-2026-57667
Sales Representative SQL Injection in Groundhogg = 4.5 versions...
CVE-2026-56055
Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...
CVE-2026-54832
Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...
EUVD-2026-39671
Sales Representative SQL Injection in Groundhogg = 4.5 versions...