Search

Search Results (363955 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56292 1 Acymailing.com 1 Acymailing.com Acymailing Extension For Joomla 2026-07-10 N/A
A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage.
CVE-2026-5005 1 Twiser Informatics Technology Consulting 1 Okrs & Goals 2026-07-10 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS. This issue affects OKRs & Goals: from 28220 before 28398.
CVE-2025-27462 1 Xen 1 Windows Pv Drivers 2026-07-10 N/A
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464
CVE-2025-27463 1 Xen 1 Windows Pv Drivers 2026-07-10 N/A
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464
CVE-2026-15187 1 Enquirer 1 Enquirer 2026-07-10 4.3 Medium
A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report.
CVE-2025-27464 1 Xen 1 Windows Pv Drivers 2026-07-10 N/A
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464
CVE-2025-58151 1 Xen 1 Varstored 2026-07-10 N/A
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The exact vulnerable behaviour depends on the code generated by the compiler. In a build of varstored using default settings, the attacker can control an index used in a jump table.
CVE-2026-23556 1 Xen 1 Oxenstored 2026-07-10 N/A
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.
CVE-2026-53987 1 Pluginsglpi 1 Glpi 11 2026-07-10 6.4 Medium
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to.
CVE-2026-58459 1 Ntpsec 1 Gpsd 2026-07-10 7.8 High
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The subtype field sourced from a DEVICES JSON log entry or NMEA PGRMT sentence is written into a generated gnuplot program via a set title statement with only double-quote characters escaped, enabling arbitrary shell command execution as the user running gnuplot when the victim renders the generated plot through the gpsprof and gnuplot workflow.
CVE-2026-59726 1 Ruvnet 1 Ruflo 2026-07-10 10 Critical
Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminal_execute, obtain a shell in the bridge container, read provider API keys, and poison AgentDB learning-store patterns. This issue is fixed in version 3.16.3.
CVE-2026-58378 1 Allwinner 1 H616 2026-07-10 8.8 High
Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.
CVE-2026-61343 1 Librebooking 1 Librebooking 2026-07-10 7.2 High
LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0.
CVE-2026-61344 1 Superior Court Of California 1 Hearing Reminder Service 2026-07-10 5.3 Medium
The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information without authentication.
CVE-2026-55590 1 Cakephp 1 Authentication 2026-07-10 N/A
CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the redirect query string parameter. This issue is fixed in versions 2.11.1, 3.3.6, and 4.1.1.
CVE-2026-13430 2 Wordpress, Wpazleen 2 Wordpress, Post Export Import With Media 2026-07-10 7.2 High
The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the import_media_file_secure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension allow-list check in ajax_import_media_start() uses pathinfo() on the raw ZIP entry name (e.g., 'shell.php.'), which returns an empty string for the extension, causing the allow-list guard to be skipped and the file to be extracted to a temporary location, after which import_media_file_secure() copies it into the WordPress uploads directory without re-validating the extension. This makes it possible for authenticated attackers, with administrator-level access and above, to upload files that may be executable, which makes remote code execution possible.
CVE-2026-15282 2 Tenteeglobal, Wordpress 2 Instant Appointment, Wordpress 2026-07-10 9.8 Critical
The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2026-15292 2 Tibouille, Wordpress 2 Sudoku Shortcode, Wordpress 2026-07-10 6.4 Medium
The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-15293 2 Joeyoungblood, Wordpress 2 Wp Business Intelligence Lite, Wordpress 2026-07-10 8 High
The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify stored SQL queries, which can lead to privilege escalation via arbitrary SQL execution when the modified query is viewed by an administrator.
CVE-2026-15298 2 Pechenki, Wordpress 2 Telsender – Сontact Form 7, Events, Wpforms, Ninja Forms And Woocommerce To Telegram Bot, Wordpress 2026-07-10 7.2 High
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for unauthenticated attackers to inject malicious scripts via Telegram chat titles that execute when an administrator opens the TelSender settings page and clicks the "Tested" button.