1865 matches found
Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
CVE-2026-54801
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...
CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
PYSEC-2026-1797 Cross-Frame Scripting vulnerability has been found on Plone CMS
A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...
CVE-2026-22555 Gitea organization forks can expose organization secrets without create permission
Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...
CVE-2026-57764
Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...
WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability
Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions = 6.0.9.1...
PYSEC-2026-511 Qiskit allows arbitrary code execution decoding QPY format versions < 13
Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...
PYSEC-2026-510 Qiskit allows arbitrary code execution decoding QPY format versions < 13
Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...
CVE-2026-57431
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
CVE-2026-56045 WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...
CVE-2026-13426
The Mattermost Go module github.com/mattermost/mattermost/server/public versions
CVE-2026-8705
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...
PT-2026-51686
Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...
CVE-2026-46086 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46086 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46294 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46294 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46142 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46142 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46132 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46132 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45842 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45842 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46094 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46094 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...