206586 matches found
CVE-2026-20219
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...
CVE-2026-28221
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...
CVE-2026-28759
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...
CVE-2026-28116
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...
CVE-2026-46544
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied sessionid values in WebSocket task messages and reuses an existing in-memory session object if that sessionid already exists. If a prior session...
CVE-2026-46561
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...
CVE-2026-28732
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...
CVE-2026-28733
in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...
CVE-2026-28444
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...
CVE-2026-28553
Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-37504
Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...
CVE-2026-46721
The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...
CVE-2026-28735
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...
CVE-2026-31205
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...
CVE-2026-31956
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...
CVE-2026-4917
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...
CVE-2026-37503
Cross-Site Scripting XSS in V2Board thru 1.7.4. The customhtml field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. All site visitors execute the payload, enabling...
CVE-2026-4665
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
CVE-2026-28758
When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...
CVE-2026-4683
The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...
CVE-2026-31953
Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...
CVE-2026-31927
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...
CVE-2026-4054
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header e.g. image/png...
CVE-2026-4782
The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...
CVE-2026-4090
The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...
CVE-2026-4881
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
CVE-2026-4333
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learnpresscourses shortcode in all versions up to and including 4.3.3. This is due to insufficient input sanitization and output escaping on the 'skin' shortcode...
CVE-2026-37505
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy$sort, $sortType without validation. An authenticated admin can sort users by any database column including password,...
CVE-2026-4391
A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer overflow. The attack may be launched remotely. Upgrading to version 3.13.8 is able to resolve this...
CVE-2026-4081
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-4832
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port...
CVE-2026-4076
The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attribute...
CVE-2026-4085
The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...
CVE-2026-31893
Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...
CVE-2026-4139
The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the computepost function, which processes settings updates. The computepost function is...
CVE-2026-4409
The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...
CVE-2026-4377
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...
CVE-2026-4805
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-4032
The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-4607
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...
CVE-2026-4117
The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...
CVE-2026-4089
The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...
CVE-2026-4410
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability ...
CVE-2026-4795
A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...
CVE-2026-4131
The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page wpoadminpage.php lacking nonce generation wpnoncefield and verification wpverifynonce/checkadminreferer. Thi...
CVE-2026-4126
The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...
CVE-2026-4140
The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the niorderexportaction AJAX handler function. The handler processes settings updates when the 'page' parameter is...
CVE-2026-4429
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...
CVE-2026-4160
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submissionid' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validatio...