1128 matches found
PT-2026-27889
Name of the Vulnerable Software and Affected Versions Goldish versions prior to 3.47 Description An issue exists in Goldish that allows for object injection due to deserialization of untrusted data. Recommendations Update Goldish to version 3.47 or later...
PT-2026-27925
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...
CVE-2026-3889
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9...
CVE-2026-4722 Privilege escalation in the IPC component
Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-4687
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
CVE-2026-32052
OpenClaw is affected in versions prior to 2026.2.24. The vulnerability is a command injection in the system.run shell-wrapper that enables execution of hidden commands by injecting trailing positional argv carriers after inline shell payloads. The attack can be triggered through crafted approval ...
WordPress MyDecor theme < 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MyDecor versions 1.5.9...
WordPress Feedy theme < 2.1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme Feedy versions 2.1.5...
CVE-2026-33053
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the deleteapikeyroute endpoint accepts an apikeyid path parameter and deletes it with only a generic authentication check getcurrentactiveuser dependency. However, the deleteapikey CRUD...
CVE-2026-27093 WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through 1.5.6...
CVE-2026-4111 affecting package libarchive for versions less than 3.6.1-9
CVE-2026-4111 affecting package libarchive for versions less than 3.6.1-9. A patched version of the package is available...
CVE-2026-25449
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: from n/a before 3.2.8.1...
CVE-2026-32452
Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through 3.15.0...
CVE-2026-26018 affecting package coredns for versions less than 1.11.4-15
CVE-2026-26018 affecting package coredns for versions less than 1.11.4-15. A patched version of the package is available...
CVE-2026-26018 affecting package coredns for versions less than 1.11.1-26
CVE-2026-26018 affecting package coredns for versions less than 1.11.1-26. A patched version of the package is available...
CVE-2026-4092
CVE-2026-4092 affects Google clasp prior to 3.2.0. A path traversal in filenames within a Google Apps Script project can lead to remote code execution, enabling an attacker to write arbitrary files on the host. Affected versions:
CVE-2026-32417
CVE-2026-32417 affects the WordPress Pochipp plugin, versions prior to 1.18.9. The issue is a Missing Authorization vulnerability stemming from incorrectly configured access control, allowing unauthorized access according to the description. The affected component is the Pochipp plugin (pochipp) ...
CVE-2026-25068 affecting package alsa-lib for versions less than 1.2.9-2
CVE-2026-25068 affecting package alsa-lib for versions less than 1.2.9-2. A patched version of the package is available...
CVE-2025-11065 affecting package opa for versions less than 0.63.0-3
CVE-2025-11065 affecting package opa for versions less than 0.63.0-3. A patched version of the package is available...
CVE-2025-47911 affecting package docker-buildx for versions less than 0.14.0-10
CVE-2025-47911 affecting package docker-buildx for versions less than 0.14.0-10. A patched version of the package is available...