143 matches found
Astra Linux - уязвимость в containerd
Containerd is an open-source container runtime. A bug was discovered in the CRI implementation of Containerd, where programs within a container can cause the Containerd daemon to consume memory indefinitely during the invocation of the ExecSync API. This can result in Containerd consuming all...
WordPress Embedder for Google Reviews plugin <= 1.6.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Embedder for Google Reviews versions = 1.6.6...
CVE-2026-25396
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through = 1.6.6...
CVE-2026-26001
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
EUVD-2026-15707
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through = 1.6.6...
CVE-2026-25396
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through = 1.6.6...
CVE-2026-25396 WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through = 1.6.6...
CVE-2026-25396
The CVE-2026-25396 entry concerns a Missing Authorization vulnerability in the WordPress plugin CoderPress Commerce Coinbase For WooCommerce (commerce-coinbase-for-woocommerce). Affected versions are through 1.6.6, where an incorrectly configured access-control mechanism allows exploitation of ac...
WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Commerce Coinbase For WooCommerce versions = 1.6.6...
CVE-2026-26001
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
EUVD-2026-12671
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
PT-2026-25960
Name of the Vulnerable Software and Affected Versions GLPI Inventory Plugin versions prior to 1.6.6 Description The GLPI Inventory Plugin manages network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to version 1.6.6, unsanitized user input could lead to an...
agentstack-cli (>=0.5.0 <=0.6.2rc6), aieng-platform-onboard (>=0.5.0 <=0.6.1) +35 more potentially affected by CVE-2026-28802 via authlib (>=1.6.5 <=1.6.6)
authlib PYPI version =1.6.5, =0.5.0, =0.5.0, =0.21.0, =0.44.0, =1.7.0, =0.8.0, =1.0.20, =0.12.0, =1.0.3, =0.2.0, =0.1.3, =1.0.0, =1.115.2, =0.2.20, =1.0.0, =1.1.2 and more Source cves: CVE-2026-28802 Source advisory: OSV:GHSA-7WC2-QXGW-G8GG...
CVE-2026-25590
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
CVE-2026-25590 GLPI Inventory Plugin has Reflected XSS in task jobs
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
CVE-2026-25590
CVE-2026-25590 in the GLPI Inventory Plugin has a reflected XSS vulnerability in task jobs present before version 1.6.6 . The issue allows an attacker to exploit inputs reflected in responses, resulting in confidentiality impact: HIGH while integrity and availability remain unaffected. Exploitati...
CVE-2026-25590 GLPI Inventory Plugin has Reflected XSS in task jobs
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...