CVE-2026-50043
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2026-11380
The CVE-2026-11380 entry concerns the WordPress plugin JetWidgets For Elementor. Affected: JetWidgets For Elementor (WordPress) versions up to and including 1.0.21. Vulnerability: Stored Cross-Site Scripting due to insufficient output escaping and missing server-side validation of the Animated Bo...
CVE-2026-11988
CVE-2026-11988 affects LearnPress
CVE-2026-12127
WPForms – Easy Form Builder for WordPress (WordPress plugin WPForms Lite) versions up to 1.10.2 are vulnerable to CRLF header injection in outgoing notification emails. The root cause is improper neutralization of CRLF sequences: get_reply_to_address() expands the Reply-To display name with conte...
CVE-2026-6070
The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...
CVE-2026-12113
The WordPress plugin Appointment Booking Calendar (versions
CVE-2026-2387
The CVE-2026-2387 entry concerns the WordPress Event Organiser plugin (versions up to and including 3.12.9). The vulnerability is a Stored Cross-Site Scripting flaw in the eo_events shortcode: attacker-controlled no_events content is rendered in event list templates without output escaping, allow...
CVE-2026-11981
The CVE-2026-11981 entry concerns the WordPress GiveWP plugin (affected: versions up to 4.15.3) with a Cross-Site Request Forgery vulnerability due to missing nonce validation in give_set_notification_status_handler(). This allows unauthenticated attackers to disable donation email notifications ...
CVE-2026-7517
The CVE-2026-7517 entry concerns the Custom Payment Gateways for WooCommerce WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the alg_wc_cpg_input_fields parameter in all versions up to 2.1.0 due to insufficient input sanitization and output escaping. Exploitation is possible...
CVE-2026-55407
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2026-58519
CVE-2026-58519 describes a Stored XSS in The Wikimedia Foundation MediaWiki Cargo Extension caused by improper neutralization of input during web page generation. Affected software is MediaWiki Cargo Extension prior to version 3.9.1. The connected sources confirm the vulnerability and its scope ...
CVE-2026-58518
The CVE-2026-58518 entry describes a CSRF vulnerability in the MediaWiki RedirectManager Extension prior to version 1.3.3. The affected component is the RedirectManager Extension for MediaWiki; the documented impact is Cross-Site Request Forgery, but no exploitation details, specific vulnerable f...
CVE-2026-12090
The Taskbuilder WordPress plugin (Taskbuilder – Project Management & Task Management Tool With Kanban Board) is affected by a generic SQL Injection via the wppm_proj_filter parameter in all versions up to 5.0.8. The root cause is insufficient escaping of the user-supplied parameter and an inadequ...
CVE-2026-12135
The CVE-2026-12135 entry concerns the FV Flowplayer Video Player plugin for WordPress. Affected versions are all releases up to 7.5.51.7212, where a Stored Cross-Site Scripting vulnerability exists in the video_player shortcode align attribute due to insufficient input sanitization and output esc...
CVE-2026-12923
The Youtube Showcase plugin for WordPress (up to version 4.0.3) is vulnerable to an Arbitrary Function Call via the 'path' parameter in the emd_delete_file() AJAX handler (includes/common-functions.php). A user-supplied value is sanitized, has its trailing '_PLUGIN_DIR' stripped, and is then invo...
CVE-2026-12110
CVE-2026-12110 relates to the WordPress plugin Taskbuilder – Project Management & Task Management Tool With Kanban Board. All versions up to 5.0.8 are affected by a generic SQL Injection in the task_search parameter caused by insufficient escaping and lack of proper query preparation. This allows...
CVE-2026-12902
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-13015
The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...
CVE-2026-13443
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-13468
The CVE-2026-13468 affects the WordPress plugin Visualizer – Tables & Charts Manager with Built-in AI Generator, vulnerable in all versions up to 4.0.3. The root cause is missing authorization checks for actions on the plugin’s REST endpoint /wp-json/visualizer/v1/action/{chart}/{type}/, allowing...
CVE-2026-9107
The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-12904
The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the...
CVE-2026-13731
CVE-2026-13731 affects the WPBot – AI ChatBot for WordPress plugin (versions up to and including 8.4.9). The vulnerability is a stored Cross‑Site Scripting (XSS) via the conversation parameter caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbi...
CVE-2026-12133
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...
CVE-2026-13246
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...
CVE-2026-7840
CVE-2026-7840 (UltraVNC repeater): A global buffer overflow in the embedded HTTP administration server affects UltraVNC repeater versions up to 1.8.2.2. The functions wi_senderr() and wi_replyhdr() copy the caller-supplied HTTP request URI into a fixed 1000-byte buffer (hdrbuf) using unchecked s...
CVE-2026-7839
UltraVNC repeater up to version 1.8.2.2 contains a hardcoded default admin password that is written during first run when settings2.txt is absent. Specifically, repeater/webgui/settings.c assigns the literal string "adminadmi2" to saved_password (64 bytes) and the HTTP Basic-auth handler wi_decod...
CVE-2026-7838
UltraVNC viewer up to 1.8.2.2 is affected by an integer overflow leading to a heap buffer overflow in the RFB failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte reasonLen field is used as reasonLen+1 in CheckBufferSize(); with unsigned 32-bit operands, reasonLen 0xFFFFFF...
CVE-2026-7831
UltraVNC viewer
CVE-2026-7830
CVE-2026-7830 affects UltraVNC up to version 1.8.2.2 and concerns MS-Logon II authentication. The DH key exchange uses parameters within 64-bit space (DH_MAX_BITS), and the private exponent is generated by an rng() that relies on three libc rand() calls seeded from time(NULL). This yields an...
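The entropy problem described for CVE-2026-7830, as an added example that is not UltraVNC's code: a constructed model in which the private exponent is assembled from three libc rand() outputs after srand(time(NULL)), and an attacker-side routine that re-derives it by trying every timestamp in a window around the observed handshake time. The way the three rand() values are combined (weak_private_exponent), the window size, the function names and the use of /dev/urandom in the contrasting fixed version are assumptions for this example; the real rng() may combine the values differently, but any seed-from-seconds scheme collapses the exponent space to the width of the time window regardless of DH_MAX_BITS.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Model of a seed-from-clock generator: after srand(time(NULL)) the
 * "private exponent" is a pure function of one 32-bit seed, so at most
 * 2^32 values exist, and only a few are plausible for a given handshake
 * time. The way the three rand() outputs are combined is an assumption. */
static uint64_t weak_private_exponent(time_t t)
{
    srand((unsigned)t);
    uint64_t r0 = (uint64_t)rand();
    uint64_t r1 = (uint64_t)rand();
    uint64_t r2 = (uint64_t)rand();
    return (r0 << 33) ^ (r1 << 16) ^ r2;
}

/* Attacker side: re-run the generator for every second in [now - window,
 * now] and return the seed that reproduces the observed exponent, or -1.
 * In a real attack the comparison would be against the public value
 * g^x mod p seen on the wire, testing each candidate x the same way. */
static long long recover_seed(uint64_t observed, time_t now, unsigned window)
{
    for (unsigned back = 0; back <= window; back++) {
        time_t t = now - (time_t)back;
        if (weak_private_exponent(t) == observed)
            return (long long)t;
    }
    return -1;
}

/* Fixed version for contrast: draw the exponent from the OS CSPRNG.
 * Returns 0 if /dev/urandom cannot be read (assumption: POSIX host). */
static uint64_t safe_private_exponent(void)
{
    uint64_t x = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return 0;
    if (fread(&x, sizeof x, 1, f) != 1)
        x = 0;
    fclose(f);
    return x;
}
```

With a 60-second window the attacker evaluates 61 candidates; the 64-bit parameter space the text mentions never comes into play, because the exponent was never drawn from it.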
CVE-2026-7829
UltraVNC repeater (= destination size, the NUL byte is written past the end of the stack array, corrupting adjacent data and potentially enabling code execution on the repeater host. An attacker with admin credentials (including via CVE-2026-7839 default password) can trigger this. The provided d...
CVE-2026-7828
UltraVNC repeater up to version 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, win_log() allocates memory with malloc(sizeof(struct LIST) + strlen(line)); if strlen(line) is large, the size overflows to a value smaller than sizeof(struct ...
CVE-2026-44040
UltraVNC
CVE-2026-44041
UltraVNC
CVE-2026-44042
UltraVNC repeater up to version 1.8.2.2 contains an off-by-one bug in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, wi_uudecode() uses a strict > check to ensure output fits the buffer, but the correct condition is >=. When strlen(authdata) ...
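The '>' versus '>=' boundary described for CVE-2026-44042, as an added example that is not UltraVNC's code: a constructed Base64 decoder whose output-size precheck is written both the lax way and the corrected way, with the Basic-auth credential built from the CVE-2026-7839 default password as constructed sample input. The function names (fits_lax, fits_strict, b64_decode, decode_with_bufsize, decode_basic_auth), the scratch-buffer size and the decoder itself are assumptions for this example, not wi_uudecode().

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decoded byte count of a padded Base64 string, excluding the NUL the
 * decoder appends. Lengths that are not a multiple of 4 yield 0. */
static size_t b64_decoded_len(const char *in)
{
    size_t n = strlen(in);
    if (n == 0 || n % 4 != 0)
        return 0;
    size_t len = n / 4 * 3;
    if (in[n - 1] == '=') len--;
    if (in[n - 2] == '=') len--;
    return len;
}

/* Lax check modelled on the CVE-2026-44042 description: '>' lets
 * decoded_len == bufsize through, so the NUL lands one byte past the end. */
static bool fits_lax(size_t decoded_len, size_t bufsize)
{
    return !(decoded_len > bufsize);
}

/* Corrected check: the NUL terminator needs a byte of its own. */
static bool fits_strict(size_t decoded_len, size_t bufsize)
{
    return !(decoded_len >= bufsize);
}

static int b64_val(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode into out[bufsize] using the corrected bound, NUL-terminating the
 * result. Returns the decoded length, or -1 on bad input or no space. */
static long b64_decode(const char *in, char *out, size_t bufsize)
{
    size_t n = strlen(in);
    if (n == 0 || n % 4 != 0 || !fits_strict(b64_decoded_len(in), bufsize))
        return -1;
    size_t o = 0;
    for (size_t i = 0; i < n; i += 4) {
        int v[4];
        for (int k = 0; k < 4; k++) {
            char c = in[i + k];
            if (c == '=') {
                /* padding is only legal in the last group's final two slots */
                if (i + 4 != n || k < 2 || (k == 2 && in[i + 3] != '='))
                    return -1;
                v[k] = 0;
            } else if ((v[k] = b64_val(c)) < 0) {
                return -1;
            }
        }
        uint32_t triple = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                          ((uint32_t)v[2] << 6) | (uint32_t)v[3];
        out[o++] = (char)(triple >> 16);
        if (in[i + 2] != '=') out[o++] = (char)(triple >> 8);
        if (in[i + 3] != '=') out[o++] = (char)triple;
    }
    out[o] = '\0';
    return (long)o;
}

/* Scratch buffer for experiments; the bufsize argument is honoured so a
 * deliberately small limit shows where the lax and strict checks part ways. */
static char g_scratch[64];

static long decode_with_bufsize(const char *in, size_t bufsize)
{
    if (bufsize > sizeof g_scratch)
        bufsize = sizeof g_scratch;
    return b64_decode(in, g_scratch, bufsize);
}

/* Decode an HTTP Basic-auth credential; NULL when malformed or too long. */
static const char *decode_basic_auth(const char *in)
{
    return decode_with_bufsize(in, sizeof g_scratch) < 0 ? NULL : g_scratch;
}
```

The 16-byte credential "admin:adminadmi2" decodes into a 16-byte buffer under fits_lax, and the terminating NUL is the byte that goes out of bounds; fits_strict rejects it and accepts a 17-byte buffer.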
CVE-2026-20463
In the Modem component, CVE-2026-20463 describes a local privilege escalation caused by a permissions bypass within the modem stack. The vulnerability could allow an attacker who already has System-level access to elevate privileges without user interaction. Mitigation is provided by patch MOLY01...
CVE-2026-20462
CVE-2026-20462 concerns a memory corruption issue in the Telephony component caused by a heap buffer overflow, enabling local escalation of privilege if an attacker already has System privileges. No user interaction is required. A patch is documented as ALPS11006447 (Issue MSV-7871). The connecte...
CVE-2026-20461
Vulnerability summary (CVE-2026-20461): In the Modem, there is a possible out-of-bounds write caused by a missing bounds check. This can lead to a remote denial of service when a UE connects to a rogue base station controlled by an attacker, with no additional execution privileges required and no...
CVE-2026-20460
The CVE-2026-20460 entry describes an information-disclosure flaw in a Modem component caused by improper input validation. An attacker-controlled rogue base station could trigger remote disclosure without needing user interaction or additional privileges. The vulnerability affects the Modem (spe...
CVE-2026-20459
CVE-2026-20459: In Modem, a crash can occur due to improper input validation, enabling remote denial of service when a UE connects to a rogue base station; no user interaction required. Exploitation specifics are not provided in the documents. Remediation is listed as Patch MOLY01816800 (MSV-6842...
CVE-2026-20458
The CVE-2026-20458 entry describes a memory corruption in a Modem component caused by a missing bounds check, allowing remote escalation of privilege when a user equipment connects to a rogue base station, with no user interaction required. The vulnerability is tied to Patch ID MOLY01402160 and I...
CVE-2026-20457
CVE-2026-20457 affects the modem component. The issue is a system crash caused by improper input validation, enabling a remote denial-of-service when a UE connects to a rogue base station, with no extra execution privileges or user interaction required. The vulnerability details are documented ac...
CVE-2026-14191
CVE-2026-14191 describes an out-of-bounds heap write in WinRAR/UnRAR’s RAR5 recovery-volume (.rev) parser (RecVolumes5::ReadHeader). The RecItems vector is sized based on the first .rev file; subsequent .rev files supply an independent RecNum that is validated against that file’s TotalCount but n...
CVE-2026-12943
CVE-2026-12943 affects IBM Power environments (HMC and PowerVM Novalink). The IBM advisories state an unauthenticated attacker could gain elevated privileges and execute arbitrary commands due to improper validation of user input (OS command injection). Affects Power Hardware Management Console (...
CVE-2026-57963
CVE-2026-57963 describes a vulnerability in Thunderbird’s chat UI where an attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. Affected product: Thunderbird (chat UI component). Root cause: HTML/CSS cont...
CVE-2026-57962
The CVE-2026-57962 vulnerability affects the Thunderbird LDAP client used for address-book autocomplete. A malicious LDAP server can push arbitrarily large attacker-supplied data into Thunderbird, causing memory exhaustion and a DoS. Root cause: unbounded data accepted by the LDAP client during a...
CVE-2026-53488
CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...
CVE-2026-57149
Technical details for CVE-2026-57149 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-41579
Technical details beyond the Initial Description are not provided in the connected documents; monitor for updates.
CVE-2026-54903
Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in buf_append_string (buf.h:61) turns the string length into a large negative value, which is then interpreted as a huge size_t,...
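The three length-arithmetic overflows described above (the reasonLen+1 check of CVE-2026-7838, the sizeof(struct)+strlen(line) allocation size of CVE-2026-7828, and the string length that becomes a huge size_t in CVE-2026-54903), as one added example that is not code from UltraVNC or Oj: each buggy pattern is modelled beside a checked version. The function names, the 4096-byte reason limit, the struct log_entry layout and the use of a 32-bit size type for the allocation model are assumptions for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define REASON_MAX 4096u   /* assumed cap on an RFB failure-reason string */

/* CVE-2026-7838 pattern: the 32-bit reasonLen is incremented before the
 * comparison, so 0xFFFFFFFF + 1 wraps to 0 and passes the size check. */
static bool vuln_reason_fits(uint32_t reason_len)
{
    uint32_t needed = reason_len + 1;   /* room for the NUL; wraps */
    return needed <= REASON_MAX;
}

/* Checked: compare before adding, so the +1 can never wrap. */
static bool safe_reason_fits(uint32_t reason_len)
{
    return reason_len < REASON_MAX;     /* strictly less: one byte for NUL */
}

/* CVE-2026-7828 pattern: header size plus string length summed in the
 * allocator's size type with no overflow check. Modelled with a 32-bit
 * size so the wrap is reachable on any host (assumption for the example). */
struct log_entry { struct log_entry *next; char line[]; };

static uint32_t vuln_log_alloc_size(uint32_t line_len)
{
    return (uint32_t)sizeof(struct log_entry) + line_len + 1;   /* may wrap */
}

/* Checked: return 0 when the sum is not representable. */
static uint32_t safe_log_alloc_size(uint32_t line_len)
{
    uint32_t hdr = (uint32_t)sizeof(struct log_entry) + 1;
    if (line_len > UINT32_MAX - hdr)
        return 0;
    return hdr + line_len;
}

/* Allocation built on the checked size; NULL on overflow or OOM. */
static struct log_entry *log_entry_new(const char *line, uint32_t line_len)
{
    uint32_t sz = safe_log_alloc_size(line_len);
    struct log_entry *e = sz ? malloc(sz) : NULL;
    if (!e)
        return NULL;
    e->next = NULL;
    memcpy(e->line, line, line_len);
    e->line[line_len] = '\0';
    return e;
}

static bool log_line_roundtrip(const char *line)
{
    struct log_entry *e = log_entry_new(line, (uint32_t)strlen(line));
    if (!e)
        return false;
    bool same = strcmp(e->line, line) == 0;
    free(e);
    return same;
}

/* CVE-2026-54903 pattern: a length held in a signed 32-bit int goes negative
 * past 2 GB (2^31 stored in an int is INT32_MIN), and converting that to
 * size_t yields an enormous unsigned size for the following copy. */
static size_t vuln_len_to_size(int32_t len)
{
    return (size_t)len;
}

/* Checked: carry the length in a wide signed type and reject negatives and
 * anything size_t cannot hold. */
static bool safe_len_to_size(int64_t len, size_t *out)
{
    if (len < 0 || (uint64_t)len > SIZE_MAX)
        return false;
    *out = (size_t)len;
    return true;
}

static bool len_accepted(int64_t len)
{
    size_t s;
    return safe_len_to_size(len, &s);
}
```

The common thread is that the check runs on a value computed after the arithmetic that can wrap; the fix in every case is to bound the input before adding or converting, in a type wide enough to hold the result.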