367123 matches found
CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2026-7413 Persistent undocumented backdoor access in Yarbo robot
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated or weakly authenticated access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates...
CVE-2026-8093 Memory safety bugs fixed in Firefox 150.0.2
Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2...
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
CVE-2026-6787 Usage of a hard-coded cryptographic key in WatchGuard Agent allows inclusion of code into existing process
Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000...
CVE-2026-40797 WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2025-13618 Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration
The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoringprocessregistration function. This makes it possible for unauthenticated...
CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...
CVE-2026-7748 Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...
CVE-2026-7721 Totolink WA300 cstecgi.cgi NTPSyncWithHost command injection
A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...
CVE-2026-7698 Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
CVE-2026-7669 sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer code injection
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trustremotecode with the input False as part of Boole...
CVE-2026-6785 Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
CVE-2026-40244 OpenEXR has integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (missed variant of CVE-2026-34589)
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internaldwacompressor.h:1722 performs curc-width curc-height in int32...
CVE-2026-34605 SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated )
SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...
CVE-2025-69651
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized...
CVE-2025-69652
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...
CVE-2026-2269 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...
CVE-2026-25388 WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through = 5.0...
CVE-2026-24733 Apache Tomcat: Security constraint bypass with HTTP/0.9
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...
CVE-2026-1506 D-Link DIR-615 MAC Filter Configuration adv_mac_filter.php os command injection
A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /advmacfilter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has bee...
CVE-2022-50912 ImpressCMS 1.4.4 - Unrestricted File Upload
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the serv...
CVE-2023-54234 scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc-evtackcmds initialization Commit c1af985d27da "scsi: mpi3mr: Add Event acknowledgment logic" introduced an array mrioc-evtackcmds but initialization of the array elements was missed. They are just...
CVE-2025-40252 net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()
In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend The loops in 'qedetpacont' and 'qedetpaend', iterate over 'cqe-lenlist' using only a zero-length terminator as the stopping condition. If the...
CVE-2025-47914 Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...
CVE-2025-6203 Vault unauthenticated denial of service through complex json payload
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...
CVE-2025-50579
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...
CVE-2024-34711 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...
CVE-2025-3076 Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttontext’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5054 Race Condition in Canonical Apport
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function checkglobalpidandforward, which detects if the crashing process resided in a container, was being called...
CVE-2025-47949 samlify SAML Signature Wrapping attack
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...
CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...
CVE-2025-27089 Overlapping policies allow update to non-allowed fields in directus
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is...
CVE-2025-23419 TLS Session Resumption Vulnerability
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...
CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2025-22599 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c`
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...
CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2024-48889
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below,...
CVE-2024-55949 Privilege escalation in IAM import API in MinIO
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit...
CVE-2024-49105 Remote Desktop Client Remote Code Execution Vulnerability
...
CVE-2024-54149 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...
CVE-2024-40582
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information...
CVE-2024-12344 TP-Link VN020 F3v(T) FTP USER Command memory corruption
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3vT TTV6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
CVE-2024-52471 WordPress Extensions for Elementor plugin <= 2.0.37 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in petesheppard84 Extensions for Elementor allows Reflected XSS.This issue affects Extensions for Elementor: from n/a through 2.0.37...
CVE-2024-49758 LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This...
CVE-2024-10571 Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
CVE-2024-50854
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function...
CVE-2024-49665 WordPress Web Bricks Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks Addons for Elementor: from n/a through 1.1.1...
CVE-2024-48913 Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery CSRF middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. Th...
CVE-2024-7432 Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...