1291 matches found
CVE-2026-3722
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-41431
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
Chromium: CVE-2026-11115 Use after free in Updater
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34576
Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
DEBIAN-CVE-2026-11115
Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
CVE-2026-11115
Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
CVE-2026-11115
Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
CVE-2026-11115
Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
CVE-2026-11115
Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
CVE-2026-11115
Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2025-41259
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root...
PT-2026-46642
Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
EUVD-2026-33869
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-3722
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute
The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2018-25409
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...
Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection
Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details Autoupdate/AppInstaller.m's shouldAcceptNewConnection: only enforces SUCodeSigningVerifier validateConnection: before stage 1 completes. After...
CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...
Malicious code in @tmecontinue/claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...
MAL-2026-4457 Malicious code in @tmecontinue/claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...