15340 matches found
Outlook Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Outlook Copilot allows an authorized attacker to perform tampering over a network...
Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability
Time-of-check time-of-use toctou race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally...
EUVD-2026-43611
The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2026-58637
Name of the Vulnerable Software and Affected Versions Windows Subsystem for Linux versions prior to 2.7.10 Description A time-of-check time-of-use TOCTOU race condition exists in the Windows Subsystem for Linux. This flaw allows an authorized local attacker to perform data tampering. A TOCTOU rac...
PT-2026-58715
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...
Microsoft Windows Subsystem for Linux (WSL2) < 2.7.10 Tampering (CVE-2026-57973) (July 2026)
The version of Microsoft Windows Subsystem for Linux WSL2 on the remote Windows host is prior to 2.7.10. It is, therefore, affected by a tampering vulnerability: - Time-of-check time-of-use toctou race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering...
PT-2026-58746
Name of the Vulnerable Software and Affected Versions NVIDIA TensorRT-LLM for Linux affected versions not specified Description A flaw exists in the restricted unpickler used for model weight deserialization. This allows a local, unauthenticated attacker to trigger the deserialization of untruste...
UBUNTU-CVE-2026-50526
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...
KLA91143 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...
PT-2026-58469
Name of the Vulnerable Software and Affected Versions Microsoft Windows DNS affected versions not specified Description Improper access control in the Windows DNS Client allows an authorized, logged-in attacker to perform local tampering. Recommendations At the moment, there is no information abo...
CVE-2026-11901
The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...
EUVD-2026-43149
The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...
CVE-2026-55516
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...
CVE-2026-15288
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...
CVE-2026-15288
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...
CVE-2026-57851
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
CVE-2026-57851
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the Neo4jChatAgent process. An attacker can gain unauthorized access to all gra...
BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation
To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...
CVE-2026-12686 Incorrect authorisation in Adiss’s Biloop
An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...