161697 matches found
CVE-2026-9639 Authenticated Denial of Service via Malicious Backup Tarball in LXD
Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...
CVE-2026-12411 Broken Access Control in Canonical LXD DevLXD API
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...
CVE-2026-45195 GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...
CVE-2026-5757 There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...
CVE-2026-21734 GPU DDK - libusc OOB write at TreeRemove during WebGPU shader compilation
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...
CVE-2026-57667 WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability
Sales Representative SQL Injection in Groundhogg = 4.5 versions...
CVE-2026-57665 WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in GravityView = 3.0.0 versions...
CVE-2026-57663 WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...
CVE-2026-57664 WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...
CVE-2026-57662 WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
CVE-2026-57660 WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...
CVE-2026-57661 WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...
CVE-2026-57659 WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...
CVE-2026-57657 WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...
CVE-2026-57658 WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability
Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...
CVE-2026-57656 WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting XSS in Hester Core = 1.1.8 versions...
CVE-2026-57655 WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...
CVE-2026-57654 WordPress Affiliates Manager plugin <= 2.9.49 - Broken Access Control vulnerability
Affiliate Broken Access Control in Affiliates Manager = 2.9.49 versions...
CVE-2026-57653 WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability
Contributor SQL Injection in WP Job Portal = 2.5.2 versions...
CVE-2026-57651 WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...
CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...
CVE-2026-57650 WordPress Magazine Blocks plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Magazine Blocks = 1.8.3 versions...
CVE-2026-57649 WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...
CVE-2026-57648 WordPress Nelio Content plugin <= 4.3.4 - Broken Access Control vulnerability
Contributor Broken Access Control in Nelio Content = 4.3.4 versions...
CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...
CVE-2026-57647 WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...
CVE-2026-57645 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...
CVE-2026-57643 WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability
Contributor SQL Injection in WP Post Author = 3.9.1 versions...
CVE-2026-57644 WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability
Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...
CVE-2026-57642 WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
Contributor SQL Injection in Gallery = 4.7.8 versions...
CVE-2026-57641 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...
CVE-2026-57640 WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability
Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...
CVE-2026-57638 WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...
CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
Contributor SQL Injection in wpForo Forum = 3.0.9 versions...
CVE-2026-57637 WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...
CVE-2026-57635 WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...
CVE-2026-57633 WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...
CVE-2026-57634 WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability
Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...
CVE-2026-57632 WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...
CVE-2026-57630 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...
CVE-2026-57631 WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-57629 WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in StatCounter = 2.1.1 versions...
CVE-2026-57628 WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability
Administrator SQL Injection in WP All Import = 4.0.1 versions...
CVE-2026-57627 WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability
Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...
CVE-2026-57622 WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPCafe = 3.0.14 versions...
CVE-2026-57617 WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in SeedProd Pro 6.19.5 versions...
CVE-2026-57618 WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Neve PRO = 3.1.2 versions...
CVE-2026-57431 WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
CVE-2026-57325 WordPress NanoMag theme <= 1.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in NanoMag = 1.8 versions...
CVE-2026-57430 WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability
Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...