366517 matches found
CVE-2026-13136
This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...
CVE-2026-12415 Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
CVE-2025-59868
Technical details (affected versions, root cause, impact, remediation) are not provided in the supplied documents. Monitor for updates as information remains limited.
CVE-2026-13422
The CVE concerns the WordPress plugin HD Quiz (WordPress) versions 2.2.0–2.2.1. The root cause is missing or incorrect nonce validation in the hdq_validate_nonce function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to delete or modify quizzes and questions, create ...
CVE-2026-11356
The Ivory Search – WordPress Search Plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the settings fields menu_title and menu_magnifier_color, affecting all versions up to and including 5.5.15. The root cause is insufficient input sanitization and output escaping....
CVE-2026-13335
The CodePeople Post Map for Google Maps WordPress plugin is vulnerable to Stored XSS via the 'cpm_point' Post Meta in all versions up to 1.2.6 due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary scripts t...
CVE-2026-13333
CVE-2026-13333 affects the Groundhogg WordPress plugin up to version 4.5.5. The issue is a generic SQL injection in the query[select] path caused by insufficient escaping and inadequate preparation of the SQL query, allowing an authenticated attacker with Sales Representative-level access or high...
CVE-2026-13331
The affected software is the Groundhogg WordPress plugin (CRM, Newsletters, and Marketing Automation). It is vulnerable to a generic SQL Injection via the 'search' parameter in all versions up to and including 4.5.5 , caused by insufficient escaping of the user-supplied value and inadequate prepa...
CVE-2023-37524
Technical details (affected product/version, root cause, and remediation) are not publicly available in the provided documents. Monitor for updates from official sources regarding CVE-2023-37524.
CVE-2026-54244
Technical details for CVE-2026-54244 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-54243
Technical details for CVE-2026-54243 are not publicly available in the provided documents. Monitor for updates as information remains reserved.
CVE-2026-54242
Technical details for CVE-2026-54242 are not publicly available in the provided documents. No product, impact, or remediation information is provided. Monitor for updates.
CVE-2026-56414
The CVE-2026-56414 entry concerns H.View IP cameras (HV-500S6) with certificate-related upload interfaces. Authenticated users can store arbitrary file content to fixed, persistent filesystem locations without validation of file type, structure, or size. The described design omission enables plac...
CVE-2026-55975
CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...
CVE-2026-31928
The CVE-2026-31928 entry concerns DMP-5000 devices shipped with a default administrative web account and weak authentication controls that are not required to be changed during initial configuration or operation, enabling full system access if exploited. The issue is tied to hard-coded/default cr...
CVE-2026-50029
Technical details for CVE-2026-50029 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-33560
The CVE-2026-33560 issue affects the DMP-5000 file service, where an authenticated user can upload files of any type without validation, because there is no file-extension filtering or content inspection, allowing executable binaries/scripts to be written to the server. The vulnerability stems fr...
CVE-2026-49349
Technical details for CVE-2026-49349 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-28701
CVE-2026-28701 affects various versions of Daktronics Controller Firmware. The vulnerability is a path traversal flaw permitting authenticated or unauthenticated remote users to escape the intended directory and enumerate arbitrary filesystem paths, with potential high impact to confidentiality, ...
CVE-2026-49258
Technical details for CVE-2026-49258 are not publicly available in the provided documents. No affected products, impact, vectors, or remediation are specified here. Monitor for updates and official disclosures as information becomes available.
CVE-2026-49869
Kestra OSS contains an unauthenticated RCE flaw in the AuthenticationFilter prior to versions 1.0.45 and 1.3.21. The whitelist uses a suffix check (request.getPath().endsWith("/configs")) to bypass Basic Auth, so any API path ending in configs bypasses authentication. An unauthenticated attacker ...
CVE-2026-45807
Summary: Kestra prior to versions 1.0.43 and 1.3.19 is affected by a path-traversal vulnerability. Several API endpoints accept a kestra:// URI and pass it through StorageInterface.parentTraversalGuard, which only inspects the literal URI.toString(). An URL-encoded .. ("%2E%2E") can slip through,...
CVE-2026-49984
CVE-2026-49984 – Kestra : A path traversal vulnerability in the LocalStorage backend allows any authenticated user who can view an execution to read arbitrary files on the server. Before patching, the LocalStorage path validator mishandles Windows-style backslashes, letting an attacker smuggle tr...
CVE-2026-53576
Kestra prior to versions 1.0.45 and 1.3.21 contained an authentication filter bypass on the REST API. Requests whose path ends in /configs were treated as the public instance-config endpoint and forwarded without credential checks, allowing anonymous access to resources such as /api/v1/{tenant}/f...
CVE-2026-48813
Technical details for CVE-2026-48813 are not publicly available in the provided documents. This entry is reserved; monitor for updates.
CVE-2026-53577
CVE-2026-53577 – Kestra : Affects the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview). Before versions 1.0.45 and 1.3.21, there was an access control bypass that allowed any authenticated user to read output files from any other execution within the ...
CVE-2026-48804
Technical details are not publicly available in the provided documents. Monitor for updates as information about affected products, scope, and remediation has not been disclosed.
CVE-2026-55069
Kestra OSS (BasicAuth) stores administrator password with SHA-512; if an attacker gains read access to PostgreSQL, offline brute-force can recover the password. In Kubernetes, cracked credentials may enable reading ServiceAccount Tokens and all K8s Secrets, enabling vertical privilege escalation....
CVE-2026-48809
Technical details for CVE-2026-48809 are not publicly available in the provided documents. This entry is reserved with no exposed information. Monitor for updates as new details are disclosed.
CVE-2026-48801
Technical details are not publicly available in the provided documents. Monitor for updates as information about affected products, impact, or remediation is not disclosed here.
CVE-2026-54351
Budibase (open‑source low‑code platform) contains a vulnerability CVE-2026-54351 where the webhook trigger endpoint before version 3.39.9 is publicly accessible and passes the full HTTP body into automation parameters. A mass‑assignment flaw in externalTrigger() allows an attacker to overwrite ap...
CVE-2026-54353
Budibase prior to version 3.39.9 is vulnerable to a non‑blind SSRF due to a DNS rebinding bypass in the outbound fetch validation flow. Authenticated users with automation permissions can bypass the SSRF blacklist: the hostname is validated against the blacklist, but the socket connection later p...
CVE-2026-48790
Technical details for CVE-2026-48790 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-54350
Budibase CVE-2026-54350 describes an unauthenticated NoSQL injection against published Budibase apps. EnrichContext substitutes query parameters into the JSON body and JSON.parse can lift attacker-controlled fields into the parsed filter, allowing an attacker with a PUBLIC query to read (and for ...
CVE-2026-50137
Budibase prior to 3.39.0 allows an anonymous attacker to call POST /api/attachments/:datasourceId/url with a known workspace id (app_…) and S3 datasource id (ds_…) and receive a 15‑minute pre‑signed PUT URL minted on the victim’s IAM credentials. The endpoint returns both the signed URL and the p...
CVE-2024-23581
CVE-2024-23581 affects HCL Traveler for Microsoft Outlook libraries (HTMO). The CVE is described as an application modification vulnerability in these libraries. The associated CVSS 3.1 vector (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) yields a base score of 6.7 (Medium) and indicates a local attack v...
CVE-2026-50136
Budibase prior to version 3.39.3 exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The /api/attachments/:datasourceId/url route is protected only by recaptcha, allowing a caller with workspace and S3 datasource IDs t...
CVE-2026-50132
Summary (CVE-2026-50132) Budibase exposes a public GET endpoint GET /api/chat-links/:instance/:token/handoff that, before version 3.39.0, can silently link an attacker’s external chat identity (Slack/Discord/MS Teams) to a victim’s Budibase account without consent or CSRF protection. The flow: an...
CVE-2026-54352
Budibase has a high-severity arcane file-read issue via the PWA ZIP upload endpoint. Prior to 3.39.9, a workspace-builder could upload a ZIP containing a symlink to a root-available file (for example, /data/.env or /etc/shadow) and, because extract-zip preserves absolute targets and the icon vali...
CVE-2026-41262
Technical details for CVE-2026-41262 are not publicly available in the provided documents. Monitor for updates from the reserving organization.
CVE-2026-10140
Technical details for CVE-2026-10140 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-46604
The CVE-2026-46604 entry concerns the TIFF decoder in golang.org/x/image. The underlying issue is a panic that occurs when decoding an invalid TIFF image with an out-of-bounds strip offset, as described in multiple sources. The affected component is the TIFF decoding path within x/image/tiff. The...
CVE-2026-48770
Notepad++ prior to version 8.9.6.1 is affected by multiple issues arising from insecure handling of inter-process communication data. Specifically, a local attacker can trigger a denial of service (CVE-2026-48770) by sending a malformed WM_COPYDATA message where COPYDATA_FULL_CMDLINE is processed...
CVE-2026-48778
Notepad++ prior to 8.9.6.1 is affected by an RCE in config.xml: the value is read without validation and passed to ShellExecute when triggering File → Open Containing Folder → cmd, enabling attacker-controlled executable paths. The issue stems from NppXml::value() storing the value in _nppGUI._c...
CVE-2026-52885
Notepad++ Notepad++ v8.9.6.4 fixes a TOCTOU vulnerability (CVE-2026-52885) where the on-disk HMAC of shortcuts.xml is checked at trigger time while the command payload is loaded into memory at startup and never synchronized. An attacker with write access to shortcuts.xml can plant a malicious fil...
CVE-2026-46710
Notepad++ is affected by a local privilege escalation vulnerability in the installer (CVE-2026-46710) detected in versions 8.9.4–8.9.6. During installation, the installer launches powershell.exe without an absolute path after setting the working directory to the installation contextMenu directory...
CVE-2026-48800
Notepad++ prior to 8.9.6.1 is affected by CVE-2026-48800 where the content inside in shortcuts.xml is read without validation and used to build a Run menu item that ShellExecute() executes. The attacker-controlled string becomes the executable path when the user clicks the Run menu entry, enabl...
CVE-2026-52884
Notepad++ CVE-2026-52884 affects Notepad++ up to version 8.9.6.1 where isInTrustedDirectory() does not canonicalize paths before checking. The code uses a prefix-based trust check (PathIsPrefix or equivalent), allowing a path traversal like ....\ after a trusted directory prefix to resolve to an ...
CVE-2026-9836
CVE-2026-9836 — IBM DataStage Flow Designer is affected by an information disclosure vulnerability (CWE-200). Affects InfoSphere Information Server versions 11.7.0.0 to 11.7.1.6. Remediation: upgrade to IBM InfoSphere Information Server 11.7.1.0 or 11.7.1.6 (including Service Pack 3 for 11.7.1.6)...
CVE-2026-55188
RustFS’s ListRemoteTargetHandler in versions 1.0.0-alpha.1 through 1.0.0-beta.8 contains an authorization bypass that only checks for credentials and neglects to verify replication or admin permissions. This allows an authenticated user without bucket/admin rights to list remote replication targe...