344 matches found
EUVD-2026-42593
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...
WordPress Flatsome theme <= 3.20.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Theme Flatsome versions = 3.20.5...
BIT-GHOST-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.22 bug fix and security update
Red Hat OpenShift Container Platform release 4.21.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...
GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text
Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...
EUVD-2026-39712
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
PT-2026-52843
Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap out-of-bounds read occurred in the smartcard SetAttrib path when cbAttrLen did not match the actual NDR buffer length. This vulnerability has been fixed in version 3.20.1...
NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...
CVE-2026-48783 Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...
PT-2026-50169
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers. This allows for reflected Cross-Site...
EUVD-2026-35713
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
Net::CIDR::Set 安全漏洞
Net::CIDR::Set is a Perl network address management library developed by RRWO’s individual developers. Versions of Net::CIDR::Set prior to 0.20 contained security vulnerabilities. These vulnerabilities stemmed from the acceptance of non-ASCII IP addresses and network masks. Unicode digits like...
RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...
CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
EUVD-2018-21949
Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...
WordPress plugin Masteriyo LMS PRO 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Paroiciel SQL注入漏洞
Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the tRecIdListe parameter, which allows for SQL injections. This could enable unauthenticated attackers ...