EUVD-2026-38911

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qrnumregions in dlmmatchregions Patch series "ocfs2/dlm: fix two bugs in dlmmatchregions". In dlmmatchregions, the qrnumregions field from a DLMQUERYREGION network message is used to drive loops over the...

EUVD-2025-26342

Cross-Site Request Forgery CSRF vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12...

CVE-2026-11205

An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505290253...

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

CVE-2026-3208

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...

CVE-2025-13479

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

CVE-2026-24545

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

EUVD-2026-34666

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

PT-2026-49250

A vulnerability classified as problematic was found in OpenCV wechat qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded bit stream parser.cpp. The manipulation leads to null pointer dereference. Th...

PT-2026-47070

Name of the Vulnerable Software and Affected Versions The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress versions prior to 2.1.1 Description The software is affected by Insufficient Verification of Data Authenticity. The capture payment AJAX handler, registered vi...

Linux Distros Unpatched Vulnerability : CVE-2026-11205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to...

DEBIAN-CVE-2026-11205

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

CVE-2026-11205

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

CVE-2026-11205

CVE-2026-11205 concerns Insufficient validation of untrusted input in Chrome for iOS (Google Chrome on iOS) up to build 149.0.7827.53, enabling a remote attacker to cause UXSS if a user performs specific UI gestures prompted by a crafted QR code. The advisory notes a Medium severity (CVSS 3.1: AV...

CVE-2026-11205

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

CVE-2026-11205

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

EUVD-2024-54939

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing. This issue affects QR Menü: from s1.05.05 before v1.05.12...

EUVD-2024-54947

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akınsoft QR Menü allows Cross-Site Scripting XSS. This issue affects QR Menü: from s1.05.05 before v1.05.12...

a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +556 more potentially affected by CVE-2026-47180 via zeroconf (>=0.140.1 <=0.149.3)

zeroconf PYPI version =0.140.1, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47180 Source advisory: OSV:GHSA-9PGC-3CCV-5297...

a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +582 more potentially affected by CVE-2026-47180 via zeroconf (>=0.102.0 <=0.149.3)

zeroconf PYPI version =0.102.0, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47180 Source advisory: SNYK:PYTHON-ZEROCONF-17111095...