161693 matches found
CVE-2026-13437
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...
CVE-2026-13742 Lack of signature verification before execution of downloaded content
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...
CVE-2026-13581 Edimax EW-7478APC POST Request formStaDrvSetup os command injection
A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotel...
CVE-2026-13580 Edimax EW-7478APC POST Request formQoS buffer overflow
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit...
CVE-2026-13579 itsourcecode Hospital Management System patientchangepassword.php sql injection
A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The...
CVE-2026-49049 Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...
CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-13578 itsourcecode Hospital Management System patientdetail.php sql injection
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...
CVE-2026-55844 Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to ...
CVE-2026-13574 llvm llvm-project Bitcode File IntrinsicInst.cpp getBasePtr heap-based overflow
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...
CVE-2026-55607 Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...
CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write
Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...
CVE-2026-13573 llvm llvm-project ValueSymbolTable ValueSymbolTable.cpp insert stack-based overflow
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...
CVE-2026-56124 phpUploader < 2.0.2 Unauthenticated Database Exposure via index model
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...
CVE-2026-13572 itsourcecode Hospital Management System insertbillingrecord.php sql injection
A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patientid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-57341 WordPress Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin <= 2.9.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...
CVE-2026-57340 WordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...
CVE-2026-57339 WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...
CVE-2026-57338 WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...
CVE-2026-57337 WordPress Landing Page Builder plugin <= 1.5.3.5 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Landing Page Builder = 1.5.3.5 versions...
CVE-2026-57336 WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...
CVE-2026-57335 WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...
CVE-2026-57334 WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...
CVE-2026-57333 WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...
CVE-2026-57332 WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability
Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...
CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...
CVE-2026-57331 WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...
CVE-2026-57329 WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...
CVE-2026-57327 WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MainWP = 6.1.1 versions...
CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
CVE-2026-57326 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
CVE-2026-57320 WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...
CVE-2026-13571 SourceCodester Simple Food Ordering System cart.php logic error
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-11979 Stack-Based Buffer Overflow in libxml2
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow intern...
CVE-2026-56457 HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information
HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...
CVE-2026-13570 SourceCodester Inventory Management System User Registration Endpoint users_handler.php cross site scripting
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...
CVE-2026-13569 weng-xianhu EyouCMS API index.php sql injection
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...
CVE-2026-13568 SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...
CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...
CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl
acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...
CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
CVE-2026-40521 FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload
FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...
CVE-2026-13567 code-projects Online Music Site POST Request Feedback.php cross site scripting
A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...
CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...
CVE-2026-40523 FrontAccounting < 2.4.20 SQL Injection via reporting/rep710.php
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...
CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...
CVE-2026-13566 SourceCodester Class and Exam Timetabling System preview3.php sql injection
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...
CVE-2026-13565 SourceCodester Class and Exam Timetabling System edit_class1.php sql injection
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...