20853 matches found
CVE-2026-12330
Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37...
CVE-2026-12321
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152...
CVE-2026-12317
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152...
CVE-2026-12306
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12...
WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation
User Registration & Membership WordPress plugin = 5.1.2 contains an improper privilege management vulnerability caused by accepting user-supplied roles without server-side allowlist enforcement, letting unauthenticated attackers create administrator accounts id: CVE-2026-1492 info: name: WordPres...
Webnus Inc. Modern Events Calendar - Broken Access Control
Webnus Inc. Modern Events Calendar = 7.29.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers bypass authorization, exploit requires no special privileges. id: CVE-2026-32583 info: name: Webnus Inc. Modern Events...
Flowise - NVIDIA NIM Endpoints Missing Authentication
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generati...
HT Mega < 3.0.7 - Sensitive Information Disclosure
The HT Mega plugin for WordPress is vulnerable to Sensitive Information Exposure via AJAX actions. This template dynamically extracts the security nonce before exploitation. id: CVE-2026-4106 info: name: HT Mega 3.0.7 - Sensitive Information Disclosure author: EFETR severity: high description: |...
Mailcow < 2026-03b - Href Link Injection
mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...
CKAN DataStore SQL Search - SQL Injection
CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastoresearchsql API endpoint. id: CVE-2026-42031 info: name: CKAN DataStore SQL Search - SQL Injection author: theamanrawat severity: high description...
CVE-2026-1767
creationtimestamp| type| source ---|---|--- 2026-06-16 04:15:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moewsbzgsh2n...
CVE-2026-42014
creationtimestamp| type| source ---|---|--- 2026-06-16 04:07:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moewdvftpp2p...
CVE-2026-2470
creationtimestamp| type| source ---|---|--- 2026-06-16 03:59:14+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116757781000613357...
CVE-2026-7273
creationtimestamp| type| source ---|---|--- 2026-06-16 03:57:35+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116757774658704043 2026-06-16 04:02:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moew44qmwy2n 2026-06-16 05:00:09+00:00| seen|...
SUSE CVE-2026-47729
unknown...
SUSE CVE-2026-48006
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...
SUSE CVE-2026-48487
unknown...
Chromium: CVE-2026-11698 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11693 Inappropriate implementation in Plugins
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11661 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...