446 matches found
EUVD-2026-41662
A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...
CVE-2026-11794 Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping
The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...
CVE-2026-57629
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions...
CVE-2026-57629
CVE-2026-57629 : A cross-site scripting (XSS) vulnerability affects the WordPress plugin “StatCounter” in versions
PT-2026-52800
Name of the Vulnerable Software and Affected Versions: StatCounter versions prior to 2.1.2. Description: StatCounter is subject to Cross Site Scripting (XSS), a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users, specifically affecting the contributor role...
CVE-2026-39480
CVE-2026-39480 affects the WordPress plugin Backup Migration (versions
PT-2026-49381
Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions...
EUVD-2026-34926
The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...
CVE-2026-8493
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...
PT-2026-44751
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1. This is due to insufficient output escaping on the post author's nickname in the statcounter addToTags function. The function is hooked to wp he...
CVE-2026-43827
Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...
CVE-2026-9301 omec-project amf NGReset Message memory corruption
A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be use...
Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016708)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016708 advisory. A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker t...
CVE-2026-8493 Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...
CVE-2026-6174
The CVE-2026-6174 issue affects the WordPress CC Child Pages plugin. All versions up to and including 2.1.1 are vulnerable to Stored Cross-Site Scripting via the 'more' parameter due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access and ...
PT-2026-39973
The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi adminpage function. This makes it possible for unauthenticated attackers to update the plugin's zawgyi...
EUVD-2026-28806
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...
CVE-2026-42028
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...
CVE-2026-42028 novaGallery: Unauthenticated Path Traversal in Album and Cached Image Routes Allows Reading Images Outside Gallery Root
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...
CVE-2026-42028
CVE-2026-42028 affects novaGallery (a PHP image gallery). Prior to version 2.1.1, there is a path traversal vulnerability that allows unauthenticated users to read image files outside the intended gallery root. The issue has been patched in version 2.1.1. The CVSS 3.1 base score is 5.3 (Medium), ...