363608 matches found
CVE-2026-13314 Stored XSS in pretix-digital
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...
CVE-2026-6432 Improper bounds validation in EmberZNet SDK
Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...
CVE-2026-46735
Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...
CVE-2026-57587 SQL Injection in Nessus via Reverse DNS Lookup
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...
CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...
CVE-2026-46734
Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...
CVE-2026-47154 Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...
CVE-2026-47153 Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
CVE-2026-47152 Level Control Move divide-by-zero in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
CVE-2026-47151 Door Lock ClearWeekdaySchedule invalid table index and write in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...
CVE-2026-47150 IAS Zone enroll invalid table index and write in EmberZNet 9.0.2
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...
CVE-2026-47149 Door Lock GetUserType invalid table index in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
CVE-2026-47148 Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-46732
Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...
CVE-2026-47147 OTA server raw parser missing per-field bounds validation in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...
CVE-2026-47146 Color Control color-temperature assertion abort in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
CVE-2026-47145 Color Control hue/saturation assertion abort in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
CVE-2026-56050 WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...
CVE-2026-56122 Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...
CVE-2026-4526 Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-41120
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...
CVE-2026-2815 Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...
CVE-2026-54848 WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...
CVE-2026-54829 WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
CVE-2026-49506
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...
CVE-2026-46733
Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
CVE-2026-54836 WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...
CVE-2026-42389 Reject more queries with invalid header values
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...
CVE-2026-54842 WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...
CVE-2026-12755
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
CVE-2026-57429 WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
CVE-2026-56071 WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...
CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
CVE-2026-56053 WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...
CVE-2026-56051 WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...
CVE-2026-56049 WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability
Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...
CVE-2026-56042 WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability
Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...
CVE-2026-56023 WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
CVE-2026-56014 WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...
CVE-2026-56006 WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...
CVE-2026-56013 WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...
CVE-2026-56005 WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...
CVE-2026-54849 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...
CVE-2026-54845 WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...
CVE-2026-54844 WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in CheckView Automated Testing = 2.1.0 versions...
CVE-2026-54843 WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability
Unauthenticated SQL Injection in MDTF = 1.3.7 versions...
CVE-2026-54841 WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...
CVE-2026-54838 WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability
Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...
CVE-2026-54830 WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...
CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Motors = 1.4.109 versions...