370189 matches found
CVE-2026-10540
CVE-2026-10540 affects Control-M/Enterprise Manager (unsupported versions 9.0.20.x and potentially earlier). The vulnerability stems from weak protections for stored password hashes, potentially allowing offline password recovery if credential data is obtained. The CVSS metrics indicate a Local a...
CVE-2026-12577
CVE-2026-12577 affects DVP80ES3 and is due to an improperly implemented security check for a standard vulnerability. The NVD entry lists a CVSS v4.0 base score of 8.7 (HIGH): network attack vector, low attack complexity, no user interaction required. Impacts: availability HIGH, confidentiality/in...
CVE-2026-12576
Technical details about CVE-2026-12576 are not publicly available in the provided documents. Monitor for updates from official sources for affected components, impact, and remediation information.
CVE-2026-12575
Technical details for CVE-2026-12575 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50043
SkyBridge MB-A100/MB-A110 are affected by CVE-2026-50043: improper neutralization of special elements used in an OS command (OS Command Injection). If an attacker can log in with administrative privileges, arbitrary OS commands may be executed. The connected documents do not specify a patch or wo...
CVE-2026-12224
The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...
CVE-2026-56016
CVE-2026-56016 (CGI::Session::ID::md5) affects Perl CGI::Session versions before 4.49. The vulnerable code path uses generate_id to build a session id from a MD5 digest of the process ID, epoch time, and rand(), all low-entropy/predictable sources. This enables an attacker to predict session IDs ...
CVE-2026-11880
The CVE-2026-11880 entry concerns Fluent Forms WordPress plugin versions prior to 6.2.1, where ownership is not properly verified before processing a subscription cancellation request. This allows authenticated users with a low-privilege account to cancel subscriptions belonging to other users du...
CVE-2026-11794
The CVE-2026-11794 entry concerns the WordPress plugin “Advanced Form Integration — Connect Forms to 200+ Apps” up to version 2.1.1. Affected behavior: when creating a user from a public form submission, the plugin does not enforce the WordPress role, which can allow unauthenticated visitors to c...
CVE-2026-11570
CVE-2026-11570 affects the User Submitted Posts WordPress plugin prior to 20260608, where an input value is not escaped before being output in an admin-configured display template, allowing unauthenticated users to trigger a Stored XSS when a non-default display option is enabled. The issue is de...
CVE-2026-11883
CVE-2026-11883 affects the WebAuthn Provider for Two Factor WordPress plugin (before 2.5.6). The vulnerability arises from incorrect validation of the second-factor authentication response, enabling an attacker who already knows a user’s password to bypass 2FA by submitting a malformed request. T...
CVE-2026-11887
The CVE concerns the Salon Booking System WordPress plugin prior to 10.30.20. Affected component: an AJAX action without proper authorization checks, enabling any authenticated user (e.g., a subscriber) to modify the plugin’s settings and bypass manual approval of new bookings. Root cause: insuff...
CVE-2026-11568
The Product Configurator for WooCommerce WordPress plugin prior to 1.7.3 exposes protected product data via a public AJAX action without any authorization or post-status checks. Unauthenticated users can retrieve data for private and draft (non-public) products by supplying the product ID, bypass...
CVE-2026-10750
CVE-2026-10750 concerns the Royal MCP WordPress plugin prior to 1.4.26. The issue arises because the plugin does not perform capability checks on most MCP tools after token authentication, enabling authenticated, low-privilege users (e.g., Subscriber) to read private content, enumerate users and ...
CVE-2026-11562
CVE-2026-11562 : The WS Form LITE WordPress plugin is vulnerable prior to version 1.11.8 due to a missing capability check on a settings-update action. This allows authenticated users with subscriber-level access and above to modify the plugin’s settings. Impact is limited to settings modificatio...
CVE-2025-15666
Open Asset Import Library Assimp (up to 5.4.3) contains a heap-based buffer overflow in Assimp::SceneCombiner::Copy (file code/Common/SceneCombiner.cpp) caused by manipulation of the width/height argument. Local attack required; exploit disclosed publicly (CVSS metrics indicate PoC maturity). No ...
CVE-2026-1239
The CVE-2026-1239 entry concerns the WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You. A missing authorization check on the REST callback ninja-forms-views/token/refresh affects all versions up to and including 3.14.1, permitting unauthenticated attackers to view form s...
CVE-2026-11823
The CVE-2026-11823 entry concerns the BookingPress Appointment Booking Pro plugin for WordPress, affected up to version 5.7.1. The vulnerability is a SQL Injection via the store_service_date parameter of the bpa_assign_staffmember_to_slots() function. Root cause: user-supplied POST data is passed...
CVE-2026-14193
The vulnerability CVE-2026-14193 affects the DVP80ES300T device and is described as an Improper Validation of Array Index vulnerability. In the provided data, the CVSS v3.1 base score is 7.5 ( HIGH ), with Network attack vector, no privileges required, no user interaction, and availability impact...
CVE-2026-12579
Technical details (affected products, root cause, remediation) are not publicly available in the provided documents. Monitor for updates from vendors and CVE/NVD entries.