368702 matches found
CVE-2026-13704
Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...
CVE-2026-5348
The CVE concerns the WordPress plugin Academy LMS (WordPress LMS Plugin for Complete eLearning Solution) up to version 3.8.1. The root cause is the REST API endpoint /topics being registered with a permission callback of __return_true, which permits unauthenticated access to course curriculum dat...
CVE-2026-10089
CVE-2026-10089 concerns the WordPress plugin Insert Pages (versions up to 3.11.4). It describes a Stored XSS where the meta field key (not the value) is interpolated into rendered HTML without escaping when rendering a page via the [insert page] shortcode. The underlying cause is insufficient esc...
CVE-2026-11592
The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...
CVE-2026-13357
The Houzez Property Feed WordPress plugin (up to version 2.5.46) is vulnerable to SQL Injection via the 'orderby' parameter. The issue stems from user-controlled $_GET['orderby'] and $_GET['order'] being filtered only with sanitize_text_field() and concatenated into the SQL format string before $...
CVE-2026-5821
The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...
CVE-2026-14249
The CVE refers to the WordPress plugin “Request a Quote” (versions up to and including 2.5.5). The vulnerability is a Code Injection via the emd_delete_file AJAX action. The handler derives a PHP function name from attacker-controlled $_POST['path'] and invokes it dynamically through a variable-f...
CVE-2026-11600
The CVE-2026-11600 entry concerns Envo’s Templates & Widgets for Elementor and WooCommerce (WordPress). Affected: Tabs and Off Canvas widgets up to version 1.4.26. Root cause: the Tabs widget render() passes a user-controlled template/post ID to Elementor’s get_builder_content_for_display() witho...
CVE-2026-57278
GeoWebPlayer (Web Plugin/WS Player) vulnerable to a stack-based buffer overflow in the connectInfo handler, specifically in the ip field (conn_info.ip_or_host) with unbounded JSON input. TALOS confirms multiple CVEs in the same connectInfo codepath, including potential arbitrary code execution in...
CVE-2026-57277
CVE-2026-57277 affects GeoWebPlayer (Web Plugin/WS Player) GeoVision GeoWebPlayer Websocket Server connectInfo handler. The vulnerability is a stack-based buffer overflow in the key field (buffer key_blob[17]), caused by copying attacker-controlled JSON fields into fixed-size buffers without prop...
CVE-2026-57276
GeoWebPlayer’s Websocket Server connectInfo handler contains stack-based buffer overflow vulnerabilities in several fields (e.g., username/password/password_enc with key present; ip, key_blob) leading to potential arbitrary code execution. Affected product: GeoWebPlayer (GeoVision GV-VMS/GV-Cloud...
CVE-2026-57275
Geovision GeoWebPlayer Websocket Server connectInfo handler is vulnerable to stack-based buffer overflows in multiple fields when handling JSON input (username, password, username_enc, password_enc, key, ip). Affected product: GeoWebPlayer (GeoVision software family), with version context cited b...
CVE-2026-57274
GeoWebPlayer’s CVE-2026-57274 is a buffer overflow in the connectInfo password handling of the Websocket Server (no key present) affecting GeoWebPlayer 1.1.1.0. A crafted websocket message can overflow the 64-byte password buffer, potentially enabling arbitrary code execution. Vendor patch releas...
CVE-2026-57273
GeoWebPlayer Websocket Server connectInfo handler in GeoVision software contains multiple stack-based buffer overflows in user-supplied JSON fields. Specifically, overflows occur in: username and password when key is absent (64-byte buffers), and username_enc, password_enc, key_blob, ip fields wh...
CVE-2026-57272
GeoWebPlayer/Websocket Server in GeoVision software (GV-VMS, GV-Cloud, etc.) uses an index parameter that is not validated, allowing out-of-bounds reads when handling localhost commands. This is the stated root cause and leads to the reported vulnerability (CVE-2026-57272). Impact is noted as hig...
CVE-2026-57271
GeoWebPlayer (GeoVision GeoWebPlayer/Web Plugin/WS Player) contains a WebSocket server component, and a discovered out-of-bounds read vulnerability affecting the pause command index, as reported in CVE-2026-57271. Connected records identify this as a WebSocket server issue within GeoVision softwa...
CVE-2026-57270
GeoWebPlayer (also called Web Plugin in GV-VMS and WS Player in VMS-Cloud) furnishes a websocket server that extends the Web interfaces of GeoVision software. The server processes commands from localhost, many of which use an index to access arrays and perform actions. The index value is not cons...
CVE-2026-57269
GeoWebPlayer (Web Plugin/WS Player) in GeoVision software exposes a websocket server where an unvalidated index can access multiple arrays out-of-bounds, leading to an out-of-bounds read. This affects the Websocket interface used by GV-VMS and GV-Cloud; CVSS 3.1 base score 8.3 (HIGH) with potenti...
CVE-2026-57268
GeoWebPlayer’s Websocket server exposes a saveVideo command where the provided index is not validated before it's used to access internal arrays and call a function pointer in CCriticalSection. This out-of-bounds access can reach the critical section and release path, potentially enabling code ex...
CVE-2026-57267
GeoWebPlayer (aka Web Plugin / WS Player) ships a websocket server that handles localhost commands. The index parameter used to access internal arrays is not consistently validated, enabling index-out-of-bounds reads in multiple arrays. This is documented as a GeoVision vulnerability (CVE-2026-57...