368646 matches found
CVE-2026-38057
Technical details for CVE-2026-38057 are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2026-38059
Technical details for CVE-2026-38059 are not publicly available in the provided documents. The entry remains reserved with no disclosed impact, affected products, or remediation in the supplied data. Monitor for updates from official advisories.
CVE-2024-58352
Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...
CVE-2022-50973
Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...
CVE-2024-14037
Redsea Cloud eHR contains an unauthenticated arbitrary file upload vulnerability (CVE-2024-14037) affecting the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST with a JSP webshell disguised by a spoofed image/jpeg Content-Type to bypass extension/MIME validation, uploading the...
CVE-2026-8699
CVE-2026-8699 reports a stored Cross-Site Scripting (XSS) vulnerability in the Archer C5 web-based management interface (v6.8). Root cause: insufficient server-side validation and lack of proper output encoding for a specific input field, allowing an admin-level attacker to inject crafted HTML/JS...
CVE-2026-50282
Craft CMS contains an authorization issue in AssetsController::actionMoveFolder where calling with force=true to move a folder into a destination with a conflicting name can overwrite and delete the destination folder without destination delete permission. Affected versions are 5.0.0-RC1 and abov...
CVE-2026-54891
The CVE-2026-54891 entry concerns Erlang/OTP ssl (tls_gen_connection.erl) where a network-positioned attacker can inject unauthenticated plaintext during TLS handshake. The tls_gen_connection:handle_protocol_record/3 function rejects APPLICATION_DATA in pre-handshake when acting as a server, but ...
CVE-2026-55950
This CVE (CVE-2026-55950) describes a TOCTOU race in Erlang/OTP ssl (dtls_packet_demux.erl) where a DTLS listener’s shared demux process can be crashed by an unauthenticated remote attacker sending rapid ClientHello datagrams from the same source IP/port. The race in the internal gb_trees store l...
CVE-2026-54886
The vulnerability CVE-2026-54886 affects Erlang/OTP's SSH server side (ssh_sftpd) and allows an authenticated SFTP client to trigger an infinite loop on a channel by sending SSH_MSG_CHANNEL_EXTENDED_DATA. The handle_data/4 clause tail-calls itself when a non-zero data_type_code arrives with an em...
CVE-2026-55952
Summary: The Erlang/OTP ssl module is vulnerable to a TLS 1.3 denial of service due to a mismatch between PSK identity list and binder list lengths in the ClientHello extension. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with unequal identities/binders is passed ...
CVE-2026-54887
CVE-2026-54887 concerns Erlang/OTP's DTLS server in ssl, where during startup the cookie secret is initialized to an empty binary instead of a random value. This makes DTLS cookie computation deterministic for the first 0–15 seconds, allowing an observer of plaintext ClientHello to forge a valid ...
CVE-2026-53422
CVE-2026-53422 describes an Observable Response Discrepancy in Erlang OTP ssh_sftpd where the REALPATH path handling bypasses root validation, enabling an authenticated SFTP user to determine the existence of files/directories outside the configured root. The root cause is that SSH_FXP_REALPATH u...
CVE-2026-50281
Craft CMS vulnerability CVE-2026-50281 affects versions 5.7.0 through 5.9.20. A mass-assignment flaw in the bulk-duplicate element action allows an attacker who can duplicate their own entries to submit an arbitrary id via the newAttributes parameter. The duplication flow clones the source elemen...
CVE-2026-44935
The vulnerability (CVE-2026-44935) affects SUSE Rancher Fleet’s Helm Deployer where missing validation of valuesFrom references enables cross-tenant access to fleet credentials stored in secrets/config maps on downstream clusters. Affected versions include Fleet 0.15.x before 0.15.2, 0.14.x befor...
CVE-2026-57805
A concrete vulnerability exists in WordPress Theme Tonda versions
CVE-2026-50027
Technical details for CVE-2026-50027 are not publicly available in the provided documents. No affected products, components, impact, or remediation are specified. Monitor for updates and additional disclosures.
CVE-2026-57804
The PatchStack entry identifies a Local File Inclusion (LFI) vulnerability in WordPress TheGem Theme Elements for Elementor plugin, affected versions
CVE-2026-57803
A PatchStack entry ties CVE-2026-57803 to a Local File Inclusion (LFI) vulnerability in the WordPress Struktur Core plugin affecting versions ≤ 2.5.1, discovered by João Pedro S Alcântara (Kinorth). The description confirms the vulnerability class but provides no further details on root cause, im...
CVE-2026-57802
CVE-2026-57802 corresponds to a Local File Inclusion vulnerability in the WordPress Struktur theme (versions ≤ 2.5.1). It affects the Struktur WordPress theme, with the issue reported by João Pedro S Alcântara (Kinorth) . The connected document explicitly states the vulnerability class but does n...