4331 matches found
CVE-2026-1321
The CVE-2026-1321 entry affects the WordPress plugin “Membership Plugin – Restrict Content” (Restrict Content) and describes an unauthenticated privilege-escalation in all versions up to 3.2.20. The root cause is that rcp_setup_registration_init() accepts any membership level ID via the rcp_level...
WordPress Membership plugin - Restrict Content plugin <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' vulnerability
WordPress Membership plugin - Restrict Content plugin = 3.2.20 - Unauthenticated Privilege Escalation via 'rcplevel' vulnerability discovered by shark3y in WordPress Plugin Restrict Content versions = 3.2.20...
GHSA-47Q7-97XP-M272 OpenClaw: Config writes could persist resolved ${VAR} secrets to disk
Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...
EUVD-2026-8780
Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter...
CVE-2026-27799
A flaw was found in ImageMagick, a software suite used for editing and manipulating digital images. This vulnerability, a heap buffer over-read, exists within the component that handles DJVU image files. A local attacker could exploit this by processing a specially crafted DJVU image, leading to ...
CVE-2026-26186
Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. Workaround This vulnerability can be mitigated b...
CVE-2026-25982
A flaw was found in ImageMagick, a software suite for image manipulation. When processing specially crafted DICOM Digital Imaging and Communications in Medicine files, a vulnerability allows the software to read beyond its intended memory boundaries. This can lead to a Denial of Service, causing...
CVE-2026-21665
The Print Service component of Fiserv Originate Loans Peripherals formerly Velocity Services in unsupported version 2021.2.4 build 4.7.3155.0011 uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network ...
CVE-2026-1304
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2026-1304
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2026-1304 Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2026-1304
CVE-2026-1304 concerns the WordPress plugin “Membership Plugin – Restrict Content for WordPress.” The issue is a Stored Cross-Site Scripting (Stored XSS) in multiple invoice settings fields across all versions up to 3.2.18, caused by insufficient input sanitization and output escaping. The vulner...
CVE-2026-1304 Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
WordPress Membership Plugin - Restrict Content plugin <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings vulnerability
WordPress Membership Plugin - Restrict Content plugin = 3.2.18 - Authenticated Administrator+ Stored Cross-Site Scripting via Invoice Settings vulnerability discovered by Miguel Santareno in WordPress Plugin Restrict Content versions = 3.2.18...
PT-2026-20264
Name of the Vulnerable Software and Affected Versions jizhicms version 2.5.6 Description The software contains a SQL Injection issue in the 'Article/deleteAll' and 'Extmolds/deleteAll' functionalities. The issue is triggered through the data parameter. Recommendations Update to a newer version th...
CVE-2026-20680
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data...
Schneider Electric SCADAPack and RemoteConnect
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
PT-2026-7003
Name of the Vulnerable Software and Affected Versions code-projects Online Student Management System version 1.0 Description A flaw exists in the Login component of the Online Student Management System. Specifically, a SQL injection issue is present in the accounts.php file due to manipulation of...
PT-2026-6705
Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the...