2864 matches found
Astra Linux – Vulnerability in Linux
A flaw was discovered in the Linux kernel’s implementation of string matching within packets. A privileged user with root or CAPNETADMIN status can insert rules into iptables, and this action may cause the system to panic. The issue affects kernels prior to version 5.5-rc1...
Astra Linux – Vulnerability in Node-Elliptic
The verify function in lib/elliptic/eddsa/index.js within the Elliptic package, as of version 6.5.6 for Node.js, omits the validation of the condition “sig.S.gtesig.eddsa.curve.n || sig.S.isNeg”...
EUVD-2026-37676
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by mxym in WordPress Plugin Gutenverse Companion versions = 2.5.0...
CVE-2025-69170
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
EUVD-2026-37690
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
EUVD-2025-210266
Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...
CVE-2026-46884
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM component: Marketing. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attac...
CVE-2026-46857
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Oracle Management Service. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2026-46855
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...
CVE-2026-46832
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Discovery Framework. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise...
CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...
CVE-2026-48055
Streambert (Electron-based desktop app) has a Zip Slip vulnerability in its subtitle extraction logic affecting versions up to 2.4.0. The code concatenates raw archive entry names to a temporary directory, enabling path traversal and arbitrary file writes if a malicious ZIP with traversal sequenc...
EUVD-2026-37060
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...
PT-2026-50101
Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...
EUVD-2026-36972
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-48872
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
CVE-2026-40732
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-49083 WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
CVE-2026-49083
Summary: CVE-2026-49083 affects the WordPress LatePoint plugin and is a privilege-escalation vulnerability in versions ≤ 5.5.1. What’s affected: WordPress LatePoint plugin (versions up to and including 5.5.1). Impact (as per provided metrics): CVSS 3.1 base score 7.5 (High), with network attack v...