3866 matches found
CVE-2026-21422
Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass...
CVE-2026-21422
Dell PowerScale OneFS (versions 9.10.0.0–9.10.1.5 and 9.11.0.0–9.12.0.1) contains an external control of a system or configuration setting vulnerability. A high-privileged attacker with local access could potentially exploit this to bypass protection mechanisms. The available references describe ...
EUVD-2026-9353
The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2026-26279
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...
CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection
Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...
PT-2026-22840
Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.3.4. Description: Froxlor is open source server administration software. A flaw in the input validation code, specifically a typo where '==' was used instead of '=', disables email format checking for settings fields...
CVE-2026-3378
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the argument qos can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2026-3378 Tenda F453 qossetting fromqossetting buffer overflow
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the argument qos can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...
PT-2026-22498
Name of the Vulnerable Software and Affected Versions: Tenda F453 version 1.0.0.3. Description: A flaw exists in the fromqossetting function of the /goform/qossetting file. Manipulation of the qos argument can lead to a buffer overflow. The attack can be launched remotely. Recommendations: Update to ...
Tenda F453 security vulnerability
The Tenda F453 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.3 of the Tenda F453 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “qos” in the function “fromqossetting” within the file /goform/qossetting, which may lea...
Tenda F453 security vulnerability
The Tenda F453 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.3 of the Tenda F453 contains a security vulnerability. This vulnerability stems from improper handling of the parameter mitssidindex in the file /goform/AdvSetWrlsafeset, which may lead to a buffer overflow...
CVE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables
Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insecure Direct Object Reference) in ReviewableNotesController. When enable_category_group_moderation is enabled, a user belonging to a category moderation group can create or delete thei...
EUVD-2026-8878
Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insecure Direct Object Reference) in ReviewableNotesController. When enable_category_group_moderation is enabled, a user belonging to a category moderation group can create or delete thei...
CVE-2026-26973
Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insecure Direct Object Reference) in ReviewableNotesController. When enable_category_group_moderation is enabled, a user belonging to a category moderation group can create or delete thei...
CVE-2026-2499
CVE-2026-2499 affects the WordPress Custom Logo plugin (
WordPress Custom Logo plugin <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom Logo versions <= 2.2...
n8n has Potential Remote Code Execution via Merge Node
Impact: An authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. Patches: The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to...
EUVD-2026-8626
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been ma...
CVE-2026-3168
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been ma...