206558 matches found
CVE-2026-8507
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...
CVE-2026-8291
A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogsnnrfnfmhandlenfprofile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial of service. The attack is possible to be carried out remotely. The exploit has been made available to...
CVE-2026-8965
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the DOM: Security component...
CVE-2026-8767
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8951
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Toolbar component in Firefox for Android...
CVE-2026-8251
A vulnerability was found in Open5GS up to 2.7.7. This impacts the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2026-8969
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
CVE-2026-8952
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Application Update component...
CVE-2026-8116
A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been mad...
CVE-2026-8097
A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...
CVE-2026-8259
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-8413
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...
CVE-2026-8772
A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for...
CVE-2026-8493
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...
CVE-2026-8879
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...
CVE-2026-8349
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called...
CVE-2026-8781
A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and ma...
CVE-2026-8721
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
CVE-2026-8028
A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...
CVE-2026-8091
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2...
CVE-2026-8262
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...
CVE-2026-8376
A flaw was found in Perl. A remote attacker could exploit a heap buffer overflow vulnerability when compiling regular expressions with a repeated fixed string on 32-bit builds. Specifically, the Perlstudychunk function in regcompstudy.c incorrectly calculates the size of the joined substring...
CVE-2026-8268
A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPIlistcreate of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed ...
CVE-2026-8127
A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the publi...
CVE-2026-8433
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescan. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...
CVE-2026-8271
A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgispeed/cgidhcpdlease/cgiddns/cgisetip/cgiupnpdel/cgidhcpd/cgiupnpadd/cgiupnpedit of the file /cgi-bin/networkmgr.cgi. The manipulation leads to os command injection. The attack is possible to be carri...
CVE-2026-8253
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...
CVE-2026-8136
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and...
CVE-2026-8415
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...
CVE-2026-8774
A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public...
CVE-2026-8477
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...
CVE-2026-8765
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...
CVE-2026-8972
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the WebRTC: Audio/Video component...
CVE-2026-8963
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Web Speech component...
CVE-2026-8501
Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...
CVE-2026-8783
A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...
CVE-2026-8945
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in Firefox and Firefox Focus for Android...
CVE-2026-8495
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...
CVE-2026-8411
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...
CVE-2026-8288
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...
CVE-2026-8114
A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...
CVE-2026-8967
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Graphics: WebGPU component...
CVE-2026-8491
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...
CVE-2026-8293
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...
CVE-2026-8123
A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogssbidiscoveryoptionaddsnssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly...
CVE-2026-8086
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...
CVE-2026-8275
A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogodippprimitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be...
CVE-2026-8949
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Widget: Win32 component...
CVE-2026-35250
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...
CVE-2026-35548
An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...