701 matches found
EUVD-2026-20144
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through = 2.2.3...
PT-2026-31073
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...
PT-2026-31296
Name of the Vulnerable Software and Affected Versions WCAPF – WooCommerce Ajax Product Filter versions up to and including 4.2.3 Description The WooCommerce Ajax Product Filter plugin is susceptible to time-based SQL Injection through the post-author parameter. Insufficient input sanitization and...
CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...
CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...
CVE-2026-30878
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...
CVE-2026-30880
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...
CVE-2026-27697
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...
CVE-2026-35056 XenForo Remote Code Execution via Authenticated Admin
XenForo before 2.3.9 and before 2.2.18 allows remote code execution RCE by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...
Xenforo 代码注入漏洞
Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.7 had a code injection vulnerability. This vulnerability stemmed from improper restrictions on methods that could be called within templates, allowing unauthorized method calls to occur...
PT-2026-29414
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...
EUVD-2026-17265
baserCMS has OS command injection vulnerability in installer...
EUVD-2026-17261
baserCMS has Mail Form Acceptance Bypass via Public API...
EUVD-2026-17259
baserCMS Update Functionality Vulnerable to OS Command Injection...
EUVD-2026-17257
baserCMS has an SQL injection vulnerability in its blog post functionality...
CVE-2026-34556
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...
CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...
EUVD-2026-17717
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB issue in IccTagLut.cpp where the code performs member access through a null pointer of type CIccApplyCLUT. This issue has been patched in versio...
CVE-2026-34548
iccDEV contains an Undefined Behavior (UB) in the XML conversion tool path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number, leading to value changes prior to version 2.3.1.6. The issue is patched in version 2.3.1.6.
CVE-2026-34547 iccDEV: UB at IccUtil.cpp
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior UB condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6...