165 matches found
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.16...
Audiobookshelf Unauthenticated API Authentication Bypass Scanner
This module detects Audiobookshelf servers affected by CVE-2025-25205, an unauthenticated authentication bypass. Affected versions 2.17.0 through 2.19.0 decide whether a GET request may skip authentication by testing an unanchored regular expression against the request's full original URL,...
CVE-2026-48137
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...
CVE-2026-48140 Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...
PT-2026-50892
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A memory leak exists in the BeginSidebandStream function, which can lead to a denial of service condition caused by memory exhaustion. Recommendations Update to a version later than 2.17.0. A...
CVE-2025-69162
Unauthenticated Local File Inclusion in Grecko = 5.17 versions...
EUVD-2026-37003
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
PT-2026-49392
Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...
CVE-2026-33212
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...
CVE-2026-42475
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...
PT-2026-47074
Name of the Vulnerable Software and Affected Versions WP User Manager – User Profile Builder & Membership versions prior to 2.9.18 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. This occurs through the...
MGASA-2026-0157 Updated perl-HTTP-Daemon package fixes a security vulnerability
The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...
UBUNTU-CVE-2026-47330
Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...
Canonical Ubuntu Linux 安全漏洞
Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from potential null pointer dereferencing when handling AFINET/AFINET6 socket mediation,...
CVE-2026-47327
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...
NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware
NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware discovered by ? in WordPress Npm sillytavern versions = 1.17.0...
CVE-2025-40948
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...
UBUNTU-CVE-2026-42225
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...
CVE-2026-42225 GnuTLS backend silently skips certificate chain verification when verify_peer is false
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...
CVE-2026-42225
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...