3887 matches found
PT-2026-50080
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
PT-2026-50100
Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...
EUVD-2026-36969
Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...
CVE-2026-52694
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
EUVD-2026-36901
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
EUVD-2026-36807
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
EUVD-2026-37002
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...
CVE-2026-49111
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...
Moderate: Red Hat Security Advisory: mysql:8.0 security update
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
PT-2026-49519
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
EUVD-2026-36597
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data. This issue has been patched in version...
EUVD-2026-36596
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14...
WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin PageLayer versions = 2.0.9...
CVE-2026-53406
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
CVE-2026-53406
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
CVE-2026-53406
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
RockyLinux 9 : .NET 9.0 (RLSA-2026:25221)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25221 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
RHSA-2026:25110 Red Hat Security Advisory: .NET 8.0 security update
Bulletin has no description...
CVE-2026-45328
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...