2138 matches found
CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC
An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wcCmacUpdate used the guard if cmac-totalSz != 0 to skip XOR-chaining on the first block where digest is all-zeros and the XOR is a no-op. However, totalSz is word32 and wrap...
Linux Distros Unpatched Vulnerability : CVE-2026-5477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wcCmacUpdate used the guard if...
Scaling Modern AppSec: Moving from Static Profiles to AI-Powered Scan Optimization
Key Highlights The Scale Challenge: As application portfolios grow and release cycles accelerate, traditional scanning models create a forced trade-off between coverage, cost, and velocity – leading to silent gaps that only surface during audits or incidents. The AI Solution: AI-powered scan...
CVE-2026-2519
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...
CVE-2026-39651
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through = 4.12.0...
CVE-2026-39651
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through = 4.12.0...
CVE-2026-39651
The connected documents confirm a concrete issue: WordPress Total Poll Lite plugin, version
CVE-2026-39651 WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through = 4.12.0...
CVE-2026-39651 WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through = 4.12.0...
WordPress plugin Total Poll Lite 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032
CVE-2026-5032 affects the WordPress plugin W3 Total Cache (versions
WordPress W3 Total Cache plugin <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header vulnerability
Unauthenticated Security Token Exposure via User-Agent Header vulnerability discovered by wesley wcraft in WordPress Plugin W3 Total Cache versions = 2.9.3...
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
WordPress plugin W3 Total Cache 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2026-17901
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...