769 matches found
CVE-2026-46940
...
MINI-CR4F-VGFW-7RVR
Bulletin has no description...
PT-2026-46083
Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect. !NOTE This does not impact your React Router application if you are using Declarative Mode...
CVE-2026-34358
creationtimestamp| type| source ---|---|--- 2026-05-19 23:01:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmaioiuwkz2g 2026-05-19 23:07:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmaiyukcv72p...
LuxeMart-
No d...
MINI-4F7X-C7P5-Q47M
Bulletin has no description...
CVE-2026-34276
CVE-2026-34276 affects Oracle MySQL Server (Group Replication Plugin). Affected versions: MySQL 8.0.0–8.0.45, 8.4.0–8.4.8, and 9.0.0–9.6.0. The vulnerability allows a low-privileged, network-accessible attacker (via multiple protocols) to cause a hang or a frequently repeatable crash of MySQL Ser...
Official Clerk JavaScript SDKs: Middleware-based route protection bypass
Summary createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. Sessions are not compromised and no existing user can be impersonated - the bypass only affects the...
CVE-2026-27802
A flaw was found in Vaultwarden. A manager, an authorized user, can exploit this vulnerability by performing a bulk permission update to collections they are not authorized to access. This can lead to privilege escalation, allowing the manager to gain unauthorized access and control over these...
CVE-2025-57793
creationtimestamp| type| source ---|---|--- 2026-01-28 19:21:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdiyn7p42h26 2026-01-28 19:48:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdj24mba3u23...
EUVD-2026-4456
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-22463
creationtimestamp| type| source ---|---|--- 2026-01-22 17:43:15+00:00| seen| https://gist.github.com/Darkcrai86/a88e0cde08fb268e1fc15fc740109cd4...
EUVD-2026-3879
A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...
EUVD-2026-3983
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.4...
EUVD-2026-4067
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour: from n/a through = 1.5.1...
CVE-2026-21922
...
EUVD-2026-2544
The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
EUVD-2026-2133
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Management Services allows an authorized attacker to elevate privileges locally...
EUVD-2026-0608
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0699
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workupdate.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vend...