161182 matches found
CVE-2026-48363
CVE-2026-48363 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). The issue...
CVE-2026-48364
CVE-2026-48364 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file); the impact is ...
CVE-2026-61502
CVE-2026-61502 affects Rejetto HFS versions 3.0.0 through 3.2.0. The root cause is that state-changing API requests can be issued via GET and are exempt from the anti-CSRF header check, enabling a remote attacker to perform administrative actions (e.g., account creation, configuration changes) an...
CVE-2026-61500
Affected software: Rejetto HFS 3.0.0–3.2.0. Root cause: session-cookie signing key derived from the non‑cryptographic Math.random() generator; outputs disclosed to unauthenticated clients during login. Impact: remote attacker can observe login responses, reconstruct the generator state, recover t...
ROOT-APP-MAVEN-CVE-2026-47838 CVE-2026-47838 in io.root.org.springframework.security:spring-security-web - Patched by Root
Root has patched CVE-2026-47838 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root
Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-54512 CVE-2026-54512 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2026-54512 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
EUVD-2026-43493
Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below...
ROOT-APP-PYPI-CVE-2026-48710 CVE-2026-48710 in rootio-starlette - Patched by Root
Root has patched CVE-2026-48710 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-48818 CVE-2026-48818 in rootio-starlette - Patched by Root
Root has patched CVE-2026-48818 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-54283 CVE-2026-54283 in rootio-starlette - Patched by Root
Root has patched CVE-2026-54283 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-54121 CVE-2025-54121 in rootio-starlette - Patched by Root
Root has patched CVE-2025-54121 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-47874 CVE-2024-47874 in rootio-starlette - Patched by Root
Root has patched CVE-2024-47874 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-62727 CVE-2025-62727 in rootio-starlette - Patched by Root
Root has patched CVE-2025-62727 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
CVE-2026-61983
Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...
CVE-2026-57812
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...
CVE-2026-57814
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...
CVE-2026-57795
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...
CVE-2026-57798
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through = 4.2.0...
CVE-2026-57791
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...