372 matches found
EUVD-2026-37624
Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...
EUVD-2026-37588
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-54192
Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...
CVE-2026-39595 WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-48868
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
EUVD-2026-36899
Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...
EUVD-2026-36847
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
PT-2026-49477
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-26237
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...
QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...
CVE-2026-44083 QuMagie
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...
CVE-2026-26236
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...
CVE-2026-26236 QuMagie
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...
CVE-2026-46837
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...
CVE-2026-11029
Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...
Suprema BioStar 安全漏洞
Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. There were security vulnerabilities in the versions of Suprem...
CVE-2026-46837
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...
WordPress plugin Duplicate Page and Post SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-44847 MaxKB: Webhook Trigger Authentication Bypass
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...