363957 matches found
CVE-2026-48779 ws: Memory exhaustion DoS from tiny fragments and data chunks
Technical details for CVE-2026-48779 are not publicly available in the provided documents. Monitor for updates from the listed sources; the initial description includes affected versions and fixes, but no further technical specifics are provided here.
CVE-2026-25470 WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability
CVE-2026-25470 : Unauthenticated RCE in WordPress ACPT (Pro) – Custom Post Types Plugin for WordPress (ACPT) 2.0.47 if available; no public patch details provided in the documents. Exploitation status is not provided in the connected documents. Monitor for updates and vendor advisories for a con...
CVE-2026-39598 WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability
CVE-2026-39598 concerns WordPress Academy LMS Pro plugin (pre-3.5.2). The vulnerability is an Unrestricted Upload of File with a Dangerous Type, enabling an attacker to upload a web shell to the web server. Affected: Academy LMS Pro prior to 3.5.2. CVSS 3.1 metrics indicate NETWORK attack Vector,...
CVE-2026-49073 WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability
Summary: CVE-2026-49073 affects the WordPress plugin Directorist Booking (wpWax Directorist Booking) versions up to 3.0.3. The issue is an SQL Injection in the plugin, allowing blind SQL injection through improper neutralization of special elements in SQL commands. The CVSSBase score is 8.5 (HIGH...
CVE-2026-48055 Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction
Streambert (Electron-based desktop app) has a Zip Slip vulnerability in its subtitle extraction logic affecting versions up to 2.4.0. The code concatenates raw archive entry names to a temporary directory, enabling path traversal and arbitrary file writes if a malicious ZIP with traversal sequenc...
CVE-2026-53622
This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...
CVE-2026-11409 OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N
The CVE-2026-11409 entry concerns an authenticated OS command injection in the IPv6 PPPoE configuration handler of TL-WR940N v6. The vulnerability arises from improper sanitization of user input, allowing an authenticated attacker with administrative access to execute arbitrary system commands wi...
CVE-2026-11410 OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N
The CVE-2026-11410 entry concerns TL-WR940N v6 (BigPond Cable BPA WAN config) with an authenticated OS command injection caused by improper input sanitization in the configuration module. An administrator can trigger arbitrary command execution with elevated privileges on the device via the BPA W...
CVE-2026-49080 WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability
CVE-2026-49080 : Unauthenticated SQL Injection affecting the WordPress plugin wpDataTables, version
CVE-2026-49113 WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability
The CVE-2026-49113 entry concerns the WordPress Cornerstone plugin, affected versions earlier than 7.8.8. It describes a Subscriber-level Arbitrary Code Execution vulnerability, with CVSSv3.1 metrics indicating a NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, ...
CVE-2026-49057 WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability
The CVE-2026-49057 entry concerns the WordPress JobSearch plugin (≤ 3.2.7) with Unauthenticated Broken Access Control. Concrete details found: affected software/product is WordPress JobSearch plugin; vulnerable component/condition is broken access control without authentication; impact is describ...
CVE-2026-48869 WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2026-48869 : The WordPress Enfold theme (versions
CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability
WordPress Theme Valeska <= 1.2.2 is affected by an unauthenticated PHP Object Injection vulnerability. Affected component: Valeska theme (WordPress). Root cause: PHP object injection in versions
CVE-2026-40760 WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability
WordPress Behold theme
CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability
CVE-2026-40759 affects WordPress Esmée theme versions
CVE-2026-40758 WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability
The CVE concerns WordPress Léonie theme versions
CVE-2026-40754 WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability
CVE-2026-40754 concerns the WordPress Roisin theme (versions <= 1.4) with unauthenticated PHP Object Injection. Public references describe an object-injection vulnerability in Roisin
CVE-2026-40755 WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability
CVE-2026-40755 affects WordPress TechLink theme versions
CVE-2026-40751 WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability
CVE-2026-40751 affects WordPress Theme Ashtanga versions
CVE-2026-40739 WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability
CVE-2026-40739 affects the WordPress LuxeDrive theme versions