368666 matches found
CVE-2026-54764
Technical details for CVE-2026-54764 are not publicly available in the provided documents. Monitor for updates as the entry is reserved and no exposed vulnerability information is present.
CVE-2026-45045
GoFiber vulnerability (BalancerForward) : The GoFiber proxy helper uses Header.Add("X-Real-IP", c.IP()) instead of Header.Set(), causing the attacker-supplied IP to be combined with the real client IP. Upstream servers that read the first X-Real-IP value can log, rate-limit, or gate access using ...
CVE-2026-44332
Summary: GoFiber’s BasicAuth default Authorizer short-circuits on unknown usernames, causing a timing oracle that leaks username existence. The vulnerability arises because verifiers are only invoked for known users; for unknown users, authentication returns false immediately, creating a ~100ms v...
CVE-2026-53357
CVE-2026-53357 triggers a use-after-free in the Linux kernel Bluetooth stack (l2cap) when closing a listening socket: bt_accept_dequeue() temporarily holds the child, then cleanup_listen() may operate on a sk that has already been freed by l2cap_conn_del() during an HCI disconnect. The race occur...
CVE-2026-53358
The CVE-2026-53358 issue is in the Linux kernel Bluetooth L2CAP code. The vulnerability related to channel cleanup in cleanup_listen() was fixed by not calling l2cap_chan_close() under the incorrect lock order; instead, it now schedules l2cap_chan_timeout with a delay of 0 to close the channel as...
CVE-2026-57796
The CVE entry references a Local File Inclusion (LFI) vulnerability in the WordPress Leedo theme (versions
CVE-2026-57795
CVE-2026-57795 is associated with a Local File Inclusion vulnerability in the WordPress Theme Kitchor, affected versions
CVE-2026-57794
Affected product/impacted component: WordPress Golo Framework plugin (versions ≤ 1.7.3). Vulnerability type: Local File Inclusion (LFI). Discovery/credit: Discovered by João Pedro S Alcântara (Kinorth). Impact/notes: The provided documents identify an LFI vulnerability but do not include details ...
CVE-2026-57792
The Connected document details a Local File Inclusion (LFI) vulnerability in WordPress theme Dør, versions <= 2.4.1. Affected software: WordPress Dør theme (
CVE-2026-57793
CVE-2026-57793 is supported by a connected document describing a Local File Inclusion vulnerability in the WordPress Flow theme, versioned
CVE-2026-57791
WordPress Brook theme affected: Brook theme
CVE-2026-57789
CVE-2026-57789 is supported by a connected entry describing a Local File Inclusion vulnerability in the WordPress Theme Aqua, versions ≤ 5.1.2. Affected component: Aqua theme; vulnerability class: Local File Inclusion. Exploit details, root cause specifics, and remediation steps are not provided ...
CVE-2026-57790
WordPress theme Billey versions
CVE-2026-57788
Affected software : WordPress Theme Aalto (versions ≤ 1.8). Vulnerability : Local File Inclusion (LFI). Discovery/attribution : Identified by João Pedro S Alcântara (Kinorth). Details provided : The connected document states the vulnerability exists in Theme Aalto ≤ v1.8 and is a local file inclu...
CVE-2026-57787
The connected entry identifies a concrete vulnerability: WordPress plugin CWS SVGicons (versions ≤ 1.5.5) has an SQL Injection flaw. The issue is attributed to the CWS SVGicons plugin, with the vulnerability discovered by Phat RiO. The CVE-2026-57787 description in the initial document is reserve...
CVE-2026-57786
The connected document identifies a concrete vulnerability: WordPress WorkScout-Core plugin, versions
CVE-2026-57783
Summary: WordPress Speaker plugin versions ≤ 4.1.13 have a Cross Site Scripting (XSS) vulnerability, as reported by the PatchStack entry. The connected document confirms the affected product and the vulnerability type, but provides no details on root cause, affected components beyond the plugin, ...
CVE-2026-57773
The connected data confirms a SQL Injection vulnerability in the WordPress plugin Advanced Shipment Tracking for WooCommerce (versions
CVE-2026-4767
Technical details (affected product/version, root cause, impact, or remediation) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2026-4772
CVE-2026-4772 describes a stored cross-site scripting vulnerability in TR7 Cyber Defense Inc. WAF-ASP. Affected versions range from v1.0.324.900 up to, but not including, v1.4.0.117. The issue arises from improper neutralization of input during web page generation. The CVE is confirmed by multipl...