241 matches found
EUVD-2026-40965
In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on txlock/ctrl-lock During the SSR/PDR down notification the txlock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcomslimngddown is...
CVE-2026-12408
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...
CVE-2026-12408
The CVE-2026-12408 entry concerns the WordPress plugin Slim SEO (versions up to and including 4.9.8). The vulnerability arises from the REST endpoint /wp-json/slim-seo/meta-tags/ai: the permission_callback only checks a top-level edit_posts capability and does not verify that the requester can re...
CVE-2026-12408 Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...
EUVD-2026-40937
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...
WordPress Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure vulnerability
Authenticated Contributor+ Insufficient Authorization to Private Content Disclosure vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Slim SEO versions = 4.9.8...
CVE-2026-57429
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
CVE-2026-57429
CVE-2026-57429 is associated with the WordPress plugin Slim SEO (versions ≤ 4.6.2). The vulnerability is described as Broken Access Control in the available connected documents (Patchstack listing and CVE records). Public details in the connected sources confirm the affected software/component an...
CVE-2026-57429 WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
EUVD-2026-39385
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Slim SEO versions = 4.6.2...
EUVD-2026-37008
Slim has Reflected XSS in the HtmlErrorRenderer...
CVE-2026-48157
Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle and/or setDescription to include untrusted/request-derived data in the error title or description e.g. "No products found...
CVE-2026-48157 Slim has Reflected XSS in the HtmlErrorRenderer
Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle and/or setDescription to include untrusted/request-derived data in the error title or description e.g. "No products found...
CVE-2026-48157
Slim PHP framework (versions 4.4.0–4.15) is affected by an HTML/JavaScript injection in error pages when HttpException::setTitle() and/or setDescription() are fed with untrusted data. The issue can occur in HTML error pages generated by Slim and is present even with displayErrorDetails = false; v...
CVE-2026-20753
Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements a...
haiku-rag (>=0.27.0 <=0.44.0), haiku-rag-slim (>=0.27.0 <=0.44.0) +3 more potentially affected by CVE-2026-44019 via docling-core (>=2.60.1 <=2.74.0)
docling-core PYPI version =2.60.1, =0.27.0, =0.27.0, =0.2.0, =0.42.0, =0.65.0 Source cves: CVE-2026-44019 Source advisory: SNYK:PYTHON-DOCLINGCORE-17151737...
haiku-rag (>=0.27.0 <=0.44.0), haiku-rag-slim (>=0.27.0 <=0.44.0) +3 more potentially affected by CVE-2026-44019 via docling-core (>=2.60.1 <=2.74.0)
docling-core PYPI version =2.60.1, =0.27.0, =0.27.0, =0.2.0, =0.42.0, =0.65.0 Source cves: CVE-2026-44019 Source advisory: OSV:GHSA-J5XP-7M2F-49JV...
ara-cli (>=0.1.14.13 <=0.1.14.14), clai (>=1.5.0 <=1.98.0) +47 more potentially affected by CVE-2026-46678 via pydantic-ai-slim (>=1.56.0 <=1.98.0)
pydantic-ai-slim PYPI version =1.56.0, =0.1.14.13, =1.5.0, =0.1.0a1, =0.0.400, =1.0.0, =1.0.3, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.1, =0.0.1, =0.0.8 and more Source cves: CVE-2026-46678 Source advisory: OSV:GHSA-CQP8-FCVH-X7R3...
ara-cli (>=0.1.14.13 <=0.1.14.14), clai (>=1.5.0 <=1.98.0) +47 more potentially affected by CVE-2026-25580 +1 more via pydantic-ai-slim (>=1.56.0 <=1.98.0)
pydantic-ai-slim PYPI version =1.56.0, =0.1.14.13, =1.5.0, =0.1.0a1, =0.0.400, =1.0.0, =1.0.3, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.1, =0.0.1, =0.0.8 and more Source cves: CVE-2026-25580, CVE-2026-46678 Source advisory: SNYK:PYTHON-PYDANTICAISLIM-16796278...