368547 matches found
CVE-2026-4321
CVE-2026-4321 describes a SQL injection in Raera’s Destekz product (Destekz: through 02062026). Root cause: improper neutralization of special elements used in SQL commands. Impacted properties include confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). Exploitation details fr...
CVE-2026-35159
Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. Affects Dell Client Platform BIOS; root cause and remediation details ar...
CVE-2026-11398
The CVE concerns LatePoint for WordPress, affecting all versions up to 5.6.1. It allows unauthenticated users to bypass authorization and modify PII (first name, last name, phone, notes) of any customer record by submitting a booking form with a known email when guest bookings are enabled (is_cus...
CVE-2026-9756
CVE-2026-9756 (GenerateBlocks for WordPress) : The WordPress GenerateBlocks plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the Headline Block’s dynamic link attribute (linkMetaFieldType) in all versions up to 2.2.1. Root cause: insufficient input sanitization and output escaping ...
CVE-2026-4804
The Zakra WordPress theme (
CVE-2026-11900
The CVE-2026-11900 entry concerns the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads up to version 2.8.16. It is vulnerable to an Insecure Direct Object Reference via the shortcodes’ data attribute. The replace_ai_tags() function processes a {reusable-block-N} pattern by calling get_post...
CVE-2026-11778
The CVE-2026-11778 entry concerns the CURCY – Multi Currency for WooCommerce plugin for WordPress (Smoothly on WooCommerce) up to version 2.2.14. The root cause is that the plugin executes actions without proper validation of a value before running do_shortcode, enabling unauthenticated attackers...
CVE-2026-47896
The CVE-2026-47896 entry concerns Apache Lucene.Net.Replicator. Affected versions are 4.8.0-beta00005 through 4.8.0-beta00017, with a fix in 4.8.0-beta00018. The root cause is an improper limitation of a pathname to a restricted directory, i.e., a path traversal vulnerability. The CVE record on C...
CVE-2026-47897
CVE-2026-47897 is a path traversal vulnerability in Apache Lucene.Net.Replicator. Affected: Lucene.Net.Replicator library (versions from 4.8.0-beta00005 up to, but before, 4.8.0-beta00018). Root cause: improper limitation of a pathname to a restricted directory, enabling potential access to restr...
CVE-2026-47898
CVE-2026-47898 is an XXE vulnerability in Apache Lucene.Net, specifically in the Lucene.Net.Analysis.Common library. Affected versions are 4.8.0-beta00005 up to before 4.8.0-beta00018. The root cause is improper restriction of XML External Entity references. Successful exploitation could arise fr...
CVE-2026-8804
The CVE concerns Puppet’s resource_api (bundled with Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x). A vulnerability exists where the sensitive flag on parameters defined via the resource-api is not preserved, causing values such as passwords to be stored in cleartext in the agent’s l...
CVE-2026-14544
CVE-2026-14544 concerns HPLIP (HP Linux Imaging and Printing Software) with an integer overflow in the hpcups processing path when handling specially crafted print data. This is described as an incomplete fix for CVE-2026-8631. The vulnerability may allow a remote attacker to escalate privileges ...
CVE-2026-9148
The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...
CVE-2026-9230
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress
CVE-2026-8351
CVE-2026-8351 concerns the RTMKit plugin for WordPress, vulnerable up to version 2.0.7. The flaw is a Stored Cross-Site Scripting in the Advanced Heading widget via the 'Background Text' parameter. The render() function concatenates the value directly into an HTML attribute without applying esc_a...
CVE-2026-51535
Technical details for CVE-2026-51535 are not publicly available in the provided documents. No affected products, versions, or fixes are listed. Monitor for updates.
CVE-2026-9547
CVE-2026-9547 describes an SSH host-validation flaw in libcurl: when a libcurl-based application uses SCP/SFTP with CURLOPT_SSH_KEYFUNCTION, a host key type mismatch may be silently accepted, allowing a connection to succeed without warning and enabling potential man-in-the-middle attacks. The is...
CVE-2026-9546
CVE-2026-9546 details (libcurl): A vulnerability causes the HTTP Referer header to persist after CURLOP_REFERER is set to NULL, due to failure to clear internal per-handle state. As a result, the previous referrer can be reused in subsequent requests, potentially leaking sensitive data to uninten...
CVE-2026-9545
CVE-2026-9545 describes an information-disclosure in curl/libcurl when using HTTP/3 early data with a cached SSL session. In the scenario, a site is initially served by a legitimate HTTP/3 server, but on a second transfer to the same hostname the connection is constructed to a counterfeit host (i...
CVE-2026-9080
CVE-2026-9080 is a use-after-free in libcurl triggered when curl_easy_pause() is called from a socket callback (CURLMOPT_SOCKETFUNCTION). The event-path code re-enters the eviction/assessment flow and may free the associated sh_entry; the fix added a post-callback re-fetch of that entry in mev_sh...