368949 matches found
CVE-2026-57737
Affect: WordPress plugin Shortcodes and extra features for Phlox theme (Averta LTD). Vulnerability: Cross-Site Scripting (XSS) of DOM-based type due to improper neutralization of input during web page generation. Affected versions: from n/a through 2.17.16. Context: The issue is documented across...
CVE-2026-57736
CVE-2026-57736 affects the WordPress HubSpot plugin (versions
CVE-2026-46680
CVE-2026-46680 concerns containerd, the container runtime. A flaw in how numeric User directives are parsed (not a 32-bit integer) can cause such values to be treated as usernames, enabling runAsNonRoot evasion. If a crafted image supplies an /etc/passwd mapping that maps this large numeric strin...
CVE-2026-58521
The CVE-2026-58521 entry concerns an SQL injection in the Wikimedia Foundation MediaWiki Cargo Extension. According to connected sources, the vulnerability arises from improper neutralization of special elements in SQL commands, affecting MediaWiki Cargo Extension versions before 1.43.9, 1.44.6, ...
CVE-2026-49091
CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...
CVE-2026-49090
CVE-2026-49090 affects Elasticsearch and is caused by Uncontrolled Resource Consumption (CWE-400) via the bulk API, where an authenticated user can submit specially crafted bulk requests that trigger sustained high CPU and can render a node unresponsive. The issue is publicly discussed in Elastic...
CVE-2026-58520
CVE-2026-58520 affects the Wikimedia Foundation Mediawiki UrlShortener Extension. The issue is an open redirect: URL redirection to an untrusted site in the UrlShortener extension, impacting versions from before 1.43.9, 1.44.6, and 1.45.4. The connected documents provide the vulnerability descrip...
CVE-2026-5051
CVE-2026-5051 affects HashiCorp Vault and Vault Enterprise prior to 2.0.1. The audit device plugin directory guard could be bypassed when using the legacy file audit path option, because the file audit backend accepted the legacy path as a fallback and did not validate the destination against the...
CVE-2026-57723
CVE-2026-57723 affects the WordPress plugin VikBooking Hotel Booking Engine & PMS (e4jvikwp) up to version 1.8.12. The vulnerability is a CSRF to Arbitrary File Deletion issue, described as enabling path traversal that can delete arbitrary files. The CVE notes a HIGH impact with a CVSS 3.1 score ...
CVE-2026-57722
The CVE-2026-57722 entry concerns the WordPress plugin Enable Media Replace (versions up to and including 4.2.1). The vulnerability is described as a Stored Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected component: the Enable Media Repla...
CVE-2026-54428
The CVE concerns Apache HttpComponents Core HPACK decoder: on HTTP/2, the HPACK decoder may allocate resources without limits or throttling, allowing a remote attacker to cause memory exhaustion and denial of service. Affected versions are 5.4.2 and earlier, and 5.5-beta1 and earlier. The issue o...
CVE-2026-54399
The CVE concerns Apache HttpComponents Core and a vulnerability in the HTTP/1.1 message parser causing memory exhaustion via an excessive number of headers or header length. Affected versions cited in public CVE records include 5.4.2 and earlier and 5.5-beta1 and earlier; a separate vendor-facing...
CVE-2026-49088
Kibana security advisory CVE-2026-49088 describes that when optional APM instrumentation is enabled, sensitive request header values may be logged in application logs, risking information disclosure (CWE-532). Affected versions include Kibana 8.x up to 8.18.8, 8.19.0–8.19.5, and 9.x 9.0.0–9.0.7, ...
CVE-2026-57721
The CVE-2026-57721 entry concerns the WordPress WP Reloaded ApplyOnline plugin, affected versions include up to 2.6.7.6. The issue is described as a Missing Authorization vulnerability caused by Incorrectly Configured Access Control security levels, which implies a broken access control condition...
CVE-2026-57720
The CVE-2026-57720 entry concerns the WordPress ThumbPress plugin (
CVE-2026-12480
CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...
CVE-2026-57516
Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...
CVE-2026-49087
The CVE-2026-49087 issue concerns Kibana: Allocation of Resources Without Limits or Throttling (CWE-770) leading to a denial of service (CAPEC-130). An authenticated user can submit a crafted bulk deletion request that inflates resource use and can render Kibana unavailable. Connected sources spe...
CVE-2026-56152
Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...
CVE-2026-20243
CVE-2026-20243 describes a DoS-style vulnerability in ClamAV caused by memory corruption during ALZ archive parsing. The issue stems from improper boundary checks for content in ALZ files, leading to an out-of-bounds buffer write when a crafted ALZ file is scanned by vulnerable ClamAV instances. ...