368638 matches found
CVE-2026-50290
Technical details for CVE-2026-50290 are not publicly available in the provided documents; monitor for updates.
CVE-2026-50288
Technical details are not publicly available in the provided documents. Monitor for updates as information about CVE-2026-50288 may be released later.
CVE-2026-13743
CVE-2026-13743 affects CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20. The issue is an improper verification of cryptographic signatures that allows an attacker with physical access to upload arbitrary malicious firmware without authentication. Per the sources, impact includes ...
CVE-2026-7311
The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress (up to version 3.6.13) is vulnerable to arbitrary file deletion due to insufficient file path validation in delete_converted_image_size. Authenticated attackers with author-level access can delete arbitrary files on the server ...
CVE-2026-44454
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-44454.
CVE-2026-58465
The CVE affects Eclipse Wakaama before snapshot/2026-05-26, with an unbounded memory allocation in the CoAP Block1 handler (coap/block.c). Unauthenticated remote attackers can exhaust memory by sending a sequence of Block1 PUT requests with incrementing block numbers to the registration endpoint ...
CVE-2026-52854
Technical details for CVE-2026-52854 are not publicly available in the provided documents. The entry appears reserved with no exposed vulnerability information. Monitor for updates when details are published.
CVE-2026-50180
Technical details for CVE-2026-50180 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50181
Technical details for CVE-2026-50181 are not publicly available in the provided documents. No affected products, impact, vectors, or remediation are disclosed. Monitor for updates.
CVE-2026-50192
Technical details for CVE-2026-50192 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50185
Technical details for CVE-2026-50185 are not publicly available in the provided documents. Monitor for updates as information may be disclosed later.
CVE-2026-50149
Technical details for CVE-2026-50149 are not publicly available in the provided documents. Monitor for updates; no affected products, impact, or remediation information is available.
CVE-2026-38057
Technical details for CVE-2026-38057 are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2026-38059
Technical details for CVE-2026-38059 are not publicly available in the provided documents. The entry remains reserved with no disclosed impact, affected products, or remediation in the supplied data. Monitor for updates from official advisories.
CVE-2024-58352
Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...
CVE-2022-50973
Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...
CVE-2024-14037
Redsea Cloud eHR contains an unauthenticated arbitrary file upload vulnerability (CVE-2024-14037) affecting the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST with a JSP webshell disguised by a spoofed image/jpeg Content-Type to bypass extension/MIME validation, uploading the...
CVE-2026-8699
CVE-2026-8699 reports a stored Cross-Site Scripting (XSS) vulnerability in the Archer C5 web-based management interface (v6.8). Root cause: insufficient server-side validation and lack of proper output encoding for a specific input field, allowing an admin-level attacker to inject crafted HTML/JS...
CVE-2026-50282
Craft CMS contains an authorization issue in AssetsController::actionMoveFolder where calling with force=true to move a folder into a destination with a conflicting name can overwrite and delete the destination folder without destination delete permission. Affected versions are 5.0.0-RC1 and abov...
CVE-2026-54891
The CVE-2026-54891 entry concerns Erlang/OTP ssl (tls_gen_connection.erl) where a network-positioned attacker can inject unauthenticated plaintext during TLS handshake. The tls_gen_connection:handle_protocol_record/3 function rejects APPLICATION_DATA in pre-handshake when acting as a server, but ...