74794 matches found
CVE-2026-3323
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...
CVE-2026-7118
A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argument id/token leads to sql injection. The attack is possible to be carried out remotely. The explo...
CVE-2026-22077
OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...
CVE-2018-25285
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of...
CVE-2026-41433
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is...
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...
CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...
CVE-2026-31174
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...
CVE-2018-25270
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...
CVE-2026-35243
Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...
CVE-2026-22014
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Workflow and Business Events. Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User...
CVE-2026-40302
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
CVE-2026-23500
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...
CVE-2026-5231
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...
CVE-2026-40502
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...
CVE-2026-6100
Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...
CVE-2026-39921
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...
CVE-2026-33773
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the same family inet or...
CVE-2026-5864
Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
CVE-2026-39484
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through 7.0.00...
CVE-2026-21413
A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2026-34980
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...
CVE-2026-5456
A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...
CVE-2026-34832
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...
CVE-2026-33616
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-5316
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...
CVE-2026-34442
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...
CVE-2026-31799
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...
CVE-2017-20228
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...
CVE-2026-24031
Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...
CVE-2026-33661
Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...
CVE-2026-27828
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...
CVE-2026-33713
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...
CVE-2025-33254
NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service...
CVE-2026-21783
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...
CVE-2026-4711
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
CVE-2026-4752
Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329...
CVE-2025-10736
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility function in all versions up to, and including, 2.2.10. This...
CVE-2026-3567
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the...
CVE-2026-23274
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call modtimer on timer-timer. If the label was created first by revision 1 with XTIDLETIMERALARM...
CVE-2026-23273
In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlancommonnewlink error path valis reported that a race condition still happens after my prior patch. macvlancommonnewlink might have made @dev visible before detecting an error, and its...
CVE-2026-33064
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...
CVE-2026-33056
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...
CVE-2026-4441
Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-4342
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...
CVE-2026-3644
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...
CVE-2026-21000
Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...
CVE-2026-1668
The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution. An unauthenticated attacker with netwo...
CVE-2026-32139
Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...
CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...