365784 matches found
CVE-2025-68049
CVE-2025-68049 affects the WordPress bunny.net plugin, version up to 2.3.6, with a Broken Access Control flaw. The CVSS 3.1 base metrics indicate Low impact to confidentiality, integrity, and availability, and a network attack vector with low privileges required and no user interaction. The provi...
CVE-2025-60175
CVE-2025-60175 : WordPress PopAd plugin (≤1.0.4) contains a Server-Side Request Forgery (SSRF) vulnerability. The entry specifies an authenticated (Admin+) context, indicating exploitation requires user authorization, potentially enabling internal network requests to unintended targets. The avail...
CVE-2025-59133
CVE-2025-59133 describes an insecure direct object reference (IDOR) in the WordPress plugin Projectopia (WordPress Projectopia – projectopia-core) version
CVE-2026-48125
UAParser.js suffers a regular expression Denial of Service (ReDoS) when using Client Hints via UAParser(headers).withClientHints(). The issue is triggered by a crafted Sec-CH-UA-Model header, causing catastrophic backtracking in a server-side application and resulting in high CPU usage (availabil...
CVE-2026-48709
CVE-2026-48709 affects OliveTin’s ValidateArgumentType RPC endpoint (service/internal/api/api.go). In versions
CVE-2026-53633
CVE-2026-53633 relates to Vitest Browser Mode where the CDP bridge is exposed to the network. The connected advisory explains that the browser API can forward raw Chrome DevTools Protocol methods over a WebSocket RPC and is not gated by write/exec guards, enabling a remote attacker to perform act...
CVE-2026-49978
CVE-2026-49978 is not detailed in the initial entry, but a connected advisory (GHSA-RP9W-3FW7-7CWQ) describes a DOMPurify IN_PLACE Sanitization Bypass: if a template contains an element with an attached shadow DOM inside its .content, DOMPurify can skip sanitizing the shadow contents. This allows...
CVE-2026-48708
OliveTin is affected by a race condition in the template engine. In versions up to 3000.0.0, a single shared text/template.Template instance (tpl) is used across all goroutines, and actions perform tpl.Parse(source) followed by t.Execute() without synchronization. Under concurrent ExecRequests, t...
CVE-2026-49458
CVE-2026-49458 is reported as a reserved candidate with no public details in the Initial document, but the Connected Document GHSA-HPCV-96WG-7VJ8 provides concrete technical details showing a cross-realm IN_PLACE sanitization vulnerability in DOMPurify. The issue arises because DOMPurify accepts ...
CVE-2026-48124
The CVE-2026-48124 affects Cursor Desktop prior to version 3.0.0. A workspace-defined Claude hook can be configured via .claude/settings.local.json to execute local commands without dedicated user approval, enabling possible sandbox escape, persistence across turns, and local data access if an ag...
CVE-2026-49459
The connected GitHub advisory describes a DOMPurify IN_PLACE bypass: when sanitizing a detached root node (e.g., a form) with IN_PLACE: true, certain clobbering conditions let the root survive with attributes intact, enabling XSS. The root cause is a mismatch between _forceRemove and _sanitizeAtt...
CVE-2026-47261
CVE-2026-47261 : Wasmtime-wasi WASI path_open(TRUNCATE) bypasses FilePerms::WRITE host restriction. Root cause: when OpenFlags::TRUNCATE is used, open_mode was not OR-ed with WRITE, allowing a READ-only preopen with DirPerms::all() to bypass access checks via wasip1 path_open or wasip2 descriptor...
CVE-2026-47825
The CVE affects Spring Cloud Gateway Server components (WebMVC and WebFlux gateways) where headers from untrusted proxies (X-Forwarded-For, Forwarded) are forwarded in certain configurations. Root cause: forwarded-header handling without a trusted-proxy basis allows forged headers to reach downst...
CVE-2026-48518
Affected software: MultiJuicer (versions 8.0.0–10.0.0) running on a central Kubernetes deployment. Vulnerability: CSRF in the team join endpoint (POST /multi-juicer/api/teams/{team}/join) that accepts any Content-Type, bypassing CORS preflight and enabling a cross-site form to force a victim to j...
CVE-2026-52718
GStreamer AV1 parser vulnerability in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization and potential crash. A remote user could trigger an assertion abort by opening a crafted AV1 ...
CVE-2026-52722
GStreamer VMnc decoder in gstreamer1-plugins-bad-free contains a signed integer overflow in cursor payload handling. A crafted VMnc stream with large cursor dimensions can cause signed payload-size arithmetic overflow, bypass a length check, and lead to out-of-bounds reads. This may allow a remot...
CVE-2026-52720
GStreamer: librfb (RFB/VNC client) is affected by a heap buffer overflow caused by improper bounds checking of rectangle dimensions, allowing a malicious VNC server to send a rectangle extending beyond the framebuffer. This can lead to an out-of-bounds heap write and, per the report, potential co...
CVE-2026-53704
GStreamer: RealMedia demuxer in gst-plugins-ugly contains an out-of-bounds read in the FILEINFO metadata parser. The demuxer parses variable-name and variable-value pairs with re_skip_pascal_string() without validating offsets against the mapped buffer, and the element count used to control the p...
CVE-2026-53703
GStreamer RealMedia demuxer (gst-plugins-ugly) contains an out-of-bounds read vulnerability in MDPR parsing for audio stream headers (versions 4 and 5). When processing a RealMedia (.rm) file, the demuxer reads codec type, packet size, sample rate, channel count, and extra codec data length from ...
CVE-2026-52721
CVE-2026-52721 concerns GStreamer’s pcapparse element (in gstreamer1-plugins-bad-free). The issue involves multiple out-of-bounds reads during IPv4/TCP header parsing when processing malformed PCAP records. The vulnerability could allow a local attacker to trigger a crash or information disclosur...
CVE-2026-53705
GStreamer1-plugins-good’s WavPack decoder (gst_wavpack_dec_handle_frame) has an integer overflow in the 4 * block_samples * channels calculation, causing a very small heap allocation. The WavPack library then writes decoded samples beyond the allocated buffer, leading to heap memory corruption on...
CVE-2026-52719
GStreamer: out-of-bounds read in the VA JPEG decoder of gst-plugins-bad (CVE-2026-52719). The JPEG parser reads a segment length without validating against available data, enabling a remote attacker to craft a JPEG that, when opened by a user, may cause parsing to read beyond the input buffer, po...
CVE-2026-41708
The CVE describes a DoS vulnerability in Spring Cloud Sleuth via the Spring TX instrumentation when using vulnerable versions of org.springframework.cloud:spring-cloud-sleuth-instrumentation (SLEUTH 3.1.0–3.1.13). The root cause is exposure of the transaction instrumentation to crafted calls, all...
CVE-2026-47835
In Spring AI Vector Stores, the vulnerability arises from improper handling of special characters that could lead to arbitrary query execution in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components are spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfi...
CVE-2026-48114
Metacat (versions 2.0.0 and later) contains an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT into HARVEST_SITE_SCHEDULE by string concatenation, wrapping literals with quoteString() without escaping. Three inputs (unit, con...
CVE-2026-49954
Discuz! X5.0 (versions 20260320–20260610) is affected by a Local File Inclusion in the enable_disable.php Plugin Directory, exploitable by authenticated administrators. The vulnerability stems from importing a crafted plugin configuration that uses path traversal in the directory attribute; an ex...
CVE-2026-49953
Discuz! X5.0 (builds 20260320–20260610) contains a CAPTCHA bypass vulnerability where limited complexity and predictable character sets in generated CAPTCHA images enable unauthenticated remote attackers to reliably predict challenge text via OCR, bypassing protections on login, registration and ...
CVE-2026-49952
Discuz! X5.0 (versions 20260320–20260501) contains an authentication bypass vulnerability in which an attacker can abuse a shared cryptographic key between UCenter integration and the dbbak.php database backup API. By injecting a crafted payload via the login username, an encryption-oracle path i...
CVE-2026-11931
CVE-2026-11931 affects Kiro IDE on macOS and Linux prior to version 0.11.133, where the authentication token cache file could be world-readable (0644) instead of owner-restricted (0600). This may allow other local users/processes to access cached tokens. Remediation: upgrade to Kiro IDE 0.11.133 ...
CVE-2026-47777
Affected product: Mastodon (open-source social network server). Vulnerable component: remote Collections feature logic for consent verification. Root cause: missing condition to ensure the FeatureAuthorization object on a remote account actually matches the Collection item, allowing forging of co...
CVE-2026-49294
Valhalla (open source routing engine) versions ≤ 3.6.3 are affected by a reflected XSS in the JSONP callback parameter. The input is reflected into the JavaScript response without validation or encoding, enabling an attacker to craft a URL whose callback contains arbitrary JavaScript. If a victim...
CVE-2026-8358
CVE-2026-8358 affects LibreOffice Calc during import of tracked changes. A heap buffer overflow occurs when a document reuses the same change identifier for two different kinds of changes; the importer may treat one change object as a larger type and write past the end of its allocation. The vuln...
CVE-2026-8357
CVE-2026-8357 affects LibreOffice Calc. The vulnerability arises in the formula compilation path when opening a spreadsheet, where very long formulas composed of many opening tokens cause a heap buffer overflow because the nesting-depth tracking array was undersized. The issue writes past the end...
CVE-2026-8356
CVE-2026-8356 : LibreOffice’s import of legacy binary PPT formats is affected. A stack buffer overflow occurs while processing a colour-replacement record: two fixed-size colour tables are filled from the file, but the write position isn’t reset between the two passes, causing writes past the end...
CVE-2026-6047
CVE-2026-6047 : LibreOffice is affected during OOXML (DOCX) import of a text box element. The issue is a heap buffer overflow that occurs when replaying deferred parser events; a handler object may be written using a layout for a larger type, causing writes past the allocation end. The root cause...
CVE-2026-6045
CVE-2026-6045 : In LibreOffice, importing EMF+ graphics can trigger a heap buffer overflow in the gradient brush import. The file’s gradient blend points are read to compute an allocation size, and an overflow can occur when multiplying that count, causing a small buffer to be filled as if it wer...
CVE-2026-6040
A heap use-after-free vulnerability (CVE-2026-6040) occurs when importing blank-width characters in an ODF number format. A position value read from the document could be used beyond the length of the format-code string, leading to memory access outside the string. The issue is mitigated in fixed...
CVE-2026-6039
CVE-2026-6039 affects LibreOffice DXF import: a heap buffer overflow occurs when importing a DXF polyline with a point count that exceeds 16-bit during buffer sizing, while the full count is used to fill the buffer. This mismatch allows writing past the end of the buffer. In fixed versions, such ...
CVE-2026-20262
Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) exposes an Arbitrary File Write vulnerability in its web UI. An authenticated, lower-privileged user can craft requests to a file-upload API endpoint to create/overwrite files on the OS, with potential for root escalation. Cisco has released...
CVE-2026-9863
CVE-2026-9863 concerns Fortra BoKS Manager, where an OS command injection vulnerability exists in the client upgrade/patch tooling for legacy tar-based installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may cause commands to be executed on the B...
CVE-2025-15659
CVE-2025-15659 concerns the WordPress Elizaibots plugin (versions
CVE-2025-15658
The CVE describes an Administrator-XSS vulnerability in the WordPress WP Emmet plugin versions
CVE-2026-9862
CVE-2026-9862 affects Fortra’s Core Privileged Access Manager (BoKS). The vulnerability is an OS command injection in the boks_autoregisterd service that can be exploited by a remote attacker with network access to execute commands with the service’s privileges during autoregistration processing....
CVE-2026-9595
The CVE affects webpack-dev-server where a user-configured proxy with a broad context (e.g., /) and ws: true intercepts the dev server’s HMR WebSocket, forwarding it to the proxy target. This can leak cookies and Origin headers to the backend, bypass Host/Origin validation, and corrupt the HMR so...
CVE-2026-5038
MULTER CVE-2026-5038 affects multer’s diskStorage: versions 2.0.0-alpha.1–2.1.1 and 3.0.0-alpha.1 are vulnerable. The root cause is that Readable.pipe() does not propagate the stream destroy signal to the underlying fs.WriteStream, allowing aborted or malformed multipart uploads to leave orphaned...
CVE-2026-10634
Zephyr's native TCP use-after-free (CVE-2026-10634) occurs in net_tcp_foreach() when the iterator releases tcp_lock before invoking the per-connection callback, allowing a concurrent tcp_conn_release() to free the next slab and cause a use-after-free on dereference. The patch moves the teardown i...
CVE-2026-8683
Mattermost Desktop App
CVE-2026-5079
The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...
CVE-2026-6517
Mattermost Desktop App (versions
CVE-2025-64215
CVE-2025-64215 affects WordPress MasterStudy LMS Pro (StylemixThemes) prior to 4.7.16. The issue is a Missing Authorization vulnerability causing Broken Access Control by allowing access to functionality not properly constrained by ACLs. The publicly cited source (Patchstack) lists the vulnerabil...