852 matches found
CVE-2026-55628
ImageMagick (CVE-2026-55628) is affected by a policy bypass in the -concatenate operation present in versions prior to 7.1.2-26he, due to missing security policy checks. This could allow reading and writing to paths disallowed by policy. The issue has been fixed in version 7.1.2-26he. Remediation...
ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root
Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
EUVD-2026-40378
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
CVE-2026-57338
Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...
EUVD-2026-40109
Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...
CVE-2026-57660
Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...
CVE-2026-56060
The CVE concerns the WordPress plugin Print Invoice & Delivery Notes for WooCommerce . Affected: WooCommerce plugin versions up to and including 7.1.1 . Vulnerability: Unauthenticated Sensitive Data Exposure when generating prints for invoices and delivery notes, allowing access to confidential d...
WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability
Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...
EUVD-2026-39167
The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-3652
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
PT-2026-51650
Name of the Vulnerable Software and Affected Versions ARForms versions prior to 7.1.4 Description Insufficient input sanitization and output escaping in the ARForms plugin allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. By exploiting the value parameter of the arf save...
EUVD-2025-210300
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1861)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1861 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In btrfsgetrootref in fs/btrfs/disk-io.c within the Linux kernel, up to version 6.7.1, there may be an assertion failure and a crash occurring because a subvolume can be read out too early after its root item is inserted during subvolume creation...
Astra Linux – Vulnerability in LibreOffice
LibreOffice supports digital signatures for ODF documents and macros within documents. It provides visual indicators that confirm that the document has not been altered since the last signature, and that the signature is valid. A vulnerability in certificate validation in LibreOffice allowed...
Astra Linux – Vulnerability in Linux
A issue was discovered in the kernel of NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated with the AP. This could be exploited in Wi-Fi networks to launch denial-of-service attacks against connected clients, and it...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel up to version 6.7.1, there is a use-after-free in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...
CVE-2026-48869
Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...
EUVD-2026-36917
Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...
EUVD-2026-36913
Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...