163701 matches found
CVE-2026-8396 XXE in Netcad's NetGIS
Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...
CVE-2026-16013 liftoff-sr CIPster cipepath.cc deserialize_symbolic out-of-bounds
A vulnerability has been found in liftoff-sr CIPster up to 632336d414ef708a542377c1aa8d6fdb7c70a760. Affected by this issue is the function CipAppPath::deserializesymbolic of the file source/src/cip/cipepath.cc. Such manipulation leads to out-of-bounds read. The attack may be launched remotely. T...
CVE-2026-16008 sagold json-schema-library propertyDependencies.ts parsePropertyDependencies prototype pollution
A security vulnerability has been detected in sagold json-schema-library 11.5.0/11.5.1. This impacts the function parsePropertyDependencies of the file src/keywords/propertyDependencies.ts. The manipulation leads to improperly controlled modification of object prototype attributes. The attack can...
CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-59695 Unbounded max_fee_per_gas in mpp Tempo fee-payer enables single-request wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...
CVE-2026-8075 Posting a malicious markdown image crashes the Mattermost Desktop App
Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...
CVE-2026-9602 Mattermost Desktop App crashes when malformed arguments are provided to some exposed IPC methods
Mattermost Desktop App versions =6.2 6.0.2 5.6.13.0 fail to validate payloads sent from the Mattermost Web App to the Desktop App which allows a malicious server owner to crash the Mattermost Desktop App via changing the payload of a method to a malformed one. Mattermost Advisory ID: MMSA-2026-00...
CVE-2026-22104 Improper access control in Hashtopolis server chunk activity component
Improper access control in Hashtopolis server web-interface chunk activity component for versions prior to 0.14.8 allows any created account to read all cracked hashes of a Hashtopolis server instance...
CVE-2026-62764 Apache Accumulo: A user can trigger a graceful shutdown of services without the relevant system permissions
Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver,...
CVE-2026-15380 Local privilege escalation in Symantec ITMS
A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...
CVE-2026-9656 HubSpot All-In-One Marketing <= 11.3.62 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor Localized Script
The HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.62 via the wplocalizescript / window.leadinConfig JavaScript object. This makes it possible for authenticated attackers, with...
CVE-2026-15379 Arbitrary File Read as SYSTEM in Symantec ITMS
The Altiris WMI provider exposes a class AltirisAgentStream that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges required. The provider reverts to the LocalSystem context when servicing WMI queries...
CVE-2019-25764
UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...
CVE-2026-12393 WPS Bookings for WooCommerce < 3.11.7 - Subscriber+ Arbitrary Booking Order Cancellation via IDOR
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...
CVE-2026-11966 User Registration & Membership < 5.2.3 - Unauthenticated Limited User Deletion via Stripe Subscription Handler
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pendin...
CVE-2026-9810 AI Chatbot & Workflow Automation by AIWU < 1.5.4 - Unauthenticated Privilege Escalation via MCP OAuth
The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...
CVE-2026-13402 Royal Elementor Addons < 1.7.1063 - Unauthenticated Private Mega Menu Template Disclosure
The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...
CVE-2026-11575 PhonePe Payment Solutions < 3.1.0 - Unauthenticated Payment Bypass via Forged Callback
The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash...
CVE-2026-15982 Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function'
The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...
CVE-2026-21770 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to DLL hijacking
HCL Traveler for Microsoft Outlook HTMO is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content...
CVE-2026-58317
Unsigned to Signed Conversion Error CWE-196 vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory...
CVE-2026-60060
Improper Handling of Length Parameter Inconsistency CWE-130 vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of...
CVE-2026-15161 Ninja Forms - Excel Export <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'filter' Parameter
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.6. This is due to the savefilter AJAX handler storing the raw $POST'filter' array into a WordPress option via updateoption without any capability check, nonce...
CVE-2026-14503 pCloud WP Backup <= 2.0.3 - Missing Authorization on the 'start_backup' AJAX Method to Authenticated (Subscriber+) Arbitrary File Read
The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...
CVE-2026-15159 Ninja Forms - Excel Export <= 3.3.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Data Disclosure via 'spreadsheet_export_form_id' Parameter
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2026-15160 Ninja Forms - Excel Export <= 3.3.6 - Missing Authorization to Authenticated (Subscriber+) XLS Write via Path Traversal
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.6 via the 'spreadsheetexporttmpname' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to write .xls/.xlsx files ...
CVE-2026-62387 Grav < 1.0.0-rc.16 CORS Misconfiguration via API Plugin
The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 shipped Access-Control-Allow-Origin: as its default CORS configuration on all responses, including authenticated endpoints and preflight OPTIONS responses. Because the plugin accepts credentials via the Authorization and X-API-Token...
CVE-2026-62238 OpenRemote < 1.26.0 SQL Injection via Crosstab Export
OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that constructs PostgreSQL queries by concatenating asset display names into raw SQL. An authenticated attacker with asset creation or rename permissions can inject SQL through...
CVE-2026-62235 Grav Flex-Objects < 1.4.3 Authorization Bypass via API
Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that allows authenticated users with only api.access permission to perform unauthorized CRUD operations on permission-less directories. Attackers with api.access credentials can create...
CVE-2026-62232 Grav < 2.0.4 2FA Bypass via Secret Regeneration
Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret task checks only user existence, not authorization, during the pending TOTP challenge window. Attackers who know the victim's password can call this task without a CSRF...
CVE-2026-62229 OpenClaw < 2026.5.18 Authorization Bypass via Glob Matching
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized...
CVE-2026-62226 OpenClaw 2026.3.28 < 2026.5.19 Authorization Bypass via Browser Act Route
OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks...
CVE-2026-62223 OpenClaw < 2026.5.18 Authorization Bypass via Device-pair
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the...
CVE-2026-62220 OpenClaw 2026.2.25 < 2026.5.26 WebSocket Rate Limit Bypass
OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...
CVE-2026-62217 OpenClaw 2026.5.14-beta.1 < 2026.5.27 Authentication Bypass via exec approvals
OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an authorization flaw in the QQBot exec approvals feature. When the feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization, allowing...
CVE-2026-62214 OpenClaw < 2026.5.28 Bot Framework SSRF via serviceUrl Parameter Validation
OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...
CVE-2026-62208 OpenClaw < 2026.6.5 Authorization Header Forwarding via SSE
OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...
CVE-2026-62205 OpenClaw 2026.4.12-beta.1 < 2026.6.6 Authorization Bypass via message actions
OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger...
CVE-2026-62201 OpenClaw < 2026.6.6 Network Policy Bypass via exec-server
OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...
CVE-2026-34150 Wazuh: Heap buffer overflow in wazuh-analysisd via rootcheck event parsing
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 1.0.0 and above, prior to 4.14.5, a heap buffer overflow in wazuh-analysisd allows an unauthenticated remote attacker to crash the Wazuh manager's analysis engine, causing complete loss of SI...
CVE-2026-33754 Wazuh: Unauthenticated cluster packet length leads to uncontrolled memory allocation (remote DoS)
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.9.0 and above, prior to 4.14.5, a remote attacker can trigger memory exhaustion in the cluster protocol parser by sending a crafted message header with an arbitrarily large payload length...
CVE-2026-44436 Quicly is vulnerable to connection state corruption
Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, Quicly is vulnerable to a Denial of Service attack through connection state corruption. In QUIC Invariants, the maximum length of a Connection ID is 255 bytes, while QUIC...
CVE-2026-44435 Quicly: Remote Denial of Service via assertion failure when CRYPTO stream handshake data exceeds 32KB
Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 937d0e9, an assertion failure is raised when the total number of valid handshake messages received over a CRYPTO stream of a single packet number space exceeds 32KB, causing a...
CVE-2026-43978 wger: Privilege escalation via trainer-login session chaining allows gym trainers to impersonate gym managers
wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...
CVE-2026-59117 Windows Terminal Remote Code Execution Vulnerability
...
CVE-2026-57077 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...
CVE-2026-57075 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...
CVE-2026-44176 Kirby: `pages.access` permission is not checked during rendering of page drafts
Kirby is an open-source content management system. Versions prior to 4.9.1 and 5.4.1 do not check the pages.access permission during page draft rendering. Permissions are defined for each user role in the user blueprint site/blueprints/users/.... It is also possible to customize the permissions f...
CVE-2026-33731 AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflation via Forged Payment Data
WWBN AVideo is an open source video platform. In versions prior to 29.0, the Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying...