269 matches found
CVE-2026-40765
The CVE-2026-40765 entry details an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress collectchat plugin versions
CVE-2026-48878
Subscriber Sensitive Data Exposure in Visual Link Preview = 2.4.1 versions...
RockyLinux 8 : httpd:2.4 (RLSA-2026:25090)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25090 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...
CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update
The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...
GPAC 安全漏洞
GPAC is an open-source multimedia framework developed by GPAC. Version 2.4 of GPAC contains a security vulnerability. This vulnerability stems from a floating-point exception in the gfopusparsepacketheader function, which could allow attackers to cause denial-of-service attacks through specially...
GPAC MP4Box 代码问题漏洞
GPAC MP4Box is a open-source multimedia packager from GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box has a code vulnerability cause...
EUVD-2026-35053
Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...
CVE-2026-8873
The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...
PT-2026-44011
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2026-39079
An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...
Adobe Commerce 安全漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a security vulnerability in Adobe Commerce, which stems from improper authorization. This vulnerability may allow security features to be bypassed, enabling...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
In doProlog, within xmlparse.c of the Expat library also known as libexpat, there is an integer overflow issue related to mgroupSize before version 2.4.3...
CVE-2026-7217
A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...
CVE-2018-25285
Fathom 2.4 contains a buffer overflow in the Authorization Code field that can crash the application via an oversized input. An attacker with local access can trigger this by submitting a 6000-byte payload and activating it. CVSS metrics are provided (v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; ba...
CVE-2026-5928
CVE-2026-5928 affects glibc’s ungetwc on FILE streams with wide characters where overlaps between single-byte and multi-byte encodings occur, in version 2.43 or earlier. A bug in the wide character pushback (_IO_wdefault_pbackfail) causes ungetwc() to operate on the regular input buffer (fp->_...
Yamaha SR-B30A 安全漏洞
The Yamaha SR-B30A is a bar-style audio device produced by the Japanese company Yamaha. Version 2.40 of the Yamaha SR-B30A contains a security vulnerability. This vulnerability stems from the Bluetooth low-power control interface, which allows unauthorized connections without authentication. This...
CVE-2026-37100
An issue in the Bluetooth Low Energy BLE control interface of the Yamaha SR-B30A sound bar firmware 2.40 Mobile App: Sound Bar Remote / version: 2.40 allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol...
CVE-2026-39683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...
CowAgent 访问控制错误漏洞
CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Versions of CowAgent 2.0.4 and earlier contained a security vulnerability related to access control. This vulnerability stemmed from the absence of authentication in the Agent Mode...
UBUNTU-CVE-2026-33456
Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...