938 matches found
CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1
A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...
EUVD-2026-41530
A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...
Mozilla Thunderbird < 152.0.1
The version of Thunderbird installed on the remote Windows host is prior to 152.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-63 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing...
CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
CVE-2026-56045
The CVE-2026-56045 entry applies to the WordPress Automatic plugin versions earlier than 3.135.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. Affected software: WordPress Automatic plugin (
CVE-2025-68064
CVE-2025-68064 concerns a Local File Inclusion vulnerability in the WordPress Goya Core plugin, versions earlier than 1.0.9.4. The issue arises from a faulty file path handling in the plugin, enabling an attacker to access sensitive files. The CVSS 3.1 vector indicates remote access with high imp...
CVE-2026-9709 Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure
The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...
CVE-2026-8705 ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
CVE-2026-39821 affecting package golang for versions less than 1.25.11-2
CVE-2026-39821 affecting package golang for versions less than 1.25.11-2. A patched version of the package is available...
CVE-2026-45839 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45839 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46064 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46108 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46108 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46286 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46286 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46075 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
EUVD-2025-210212
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...
EUVD-2025-210211
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...
CVE-2026-20265 Insecure Default Domain Allowlist in Splunk AI Toolkit
In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...
CVE-2026-41557 WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Kapee 1.7.1 versions...
CVE-2026-22338
CVE-2026-22338 : WordPress EcoBlue theme
PT-2026-50501
Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A low-privileged user without "admin" or "power" Splunk roles can force the application to make outbound HTTP requests to an attacker-controlled server, potentially leading to data...