363761 matches found
CVE-2026-10839
Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...
CVE-2026-11975
Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...
CVE-2026-11858
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...
CVE-2026-11857
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local...
CVE-2026-10836
Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising...
CVE-2026-10837
Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited...
CVE-2026-10094
A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...
CVE-2026-0083
In Nfc::eventCallback of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0071
In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0081
In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0082
In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0092
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0068
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
CVE-2025-69176
Unauthenticated Local File Inclusion in ITactics = 1.0 versions...
CVE-2025-69177
Unauthenticated Local File Inclusion in Roneous = 2.1.5 versions...
CVE-2025-69178
Unauthenticated Local File Inclusion in Truemag = 4.3.14.2 versions...
CVE-2025-69179
Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...
CVE-2026-0019
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0057
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0063
In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0064
In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-69173
Unauthenticated Local File Inclusion in Tipsy = 1.1 versions...
CVE-2025-69163
Unauthenticated Local File Inclusion in WineShop = 3.17 versions...
CVE-2025-69168
Unauthenticated Local File Inclusion in Spike = 1.2 versions...
CVE-2025-69171
Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...
CVE-2025-69165
Unauthenticated Local File Inclusion in Choreo = 1.6 versions...
CVE-2025-69167
Unauthenticated Local File Inclusion in Eros = 1.3 versions...
CVE-2025-69172
Unauthenticated Local File Inclusion in Resurs = 1.3 versions...
CVE-2025-69151
Unauthenticated Cross Site Scripting XSS in Grand Car Rental = 3.7 versions...
CVE-2025-69162
Unauthenticated Local File Inclusion in Grecko = 5.17 versions...
CVE-2025-69161
Unauthenticated Local File Inclusion in Snowy = 1.13 versions...
CVE-2025-69160
Unauthenticated Local File Inclusion in Gita = 1.11 versions...
CVE-2025-69159
Unauthenticated Local File Inclusion in Printo = 1.11 versions...
CVE-2025-69150
Unauthenticated Local File Inclusion in Medeus = 1.14 versions...
CVE-2025-69147
Unauthenticated Local File Inclusion in Putter = 1.17 versions...
CVE-2025-69148
Unauthenticated Local File Inclusion in Quirky = 1.23 versions...
CVE-2025-69146
Unauthenticated Local File Inclusion in Dom = 1.24 versions...
CVE-2025-69149
Unauthenticated Local File Inclusion in Top Dog = 1.0.5 versions...
CVE-2025-69138
Subscriber Privilege Escalation in Genemy = 1.6.6 versions...
CVE-2025-69139
Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...
CVE-2025-69141
Unauthenticated Local File Inclusion in Kelly Young = 1.1.0 versions...
CVE-2025-69136
Unauthenticated Local File Inclusion in Wanium = 1.9.8 versions...
CVE-2025-69145
Unauthenticated Local File Inclusion in Gat = 1.16 versions...
CVE-2025-69142
Unauthenticated Local File Inclusion in Abelle = 1.22 versions...
CVE-2025-69137
Subscriber Broken Access Control in Genemy = 1.6.6 versions...
CVE-2025-69143
Unauthenticated Local File Inclusion in Mission = 1.22 versions...
CVE-2025-69135
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...
CVE-2025-69129
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-69125
Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...
CVE-2025-69121
Unauthenticated Local File Inclusion in Deliciosa = 1.10.0 versions...