Search Results (2345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54917 1 Seaweedfs 1 Seaweedfs 2026-06-26 N/A
SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives routing, so a request such as `GET /bucket-A/../evil-bucket/key`, is matched as bucket=bucket-A, object=../evil-bucket/key. The captured object key is then joined into a filer path with util.JoinPath (S3) / path.Join (Iceberg), which collapse the .. server-side, so the actual read or write lands in evil-bucket. This vulnerability is fixed in 4.30.
CVE-2026-50549 1 Cursor 1 Cursor 2026-06-26 N/A
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path and writes without approval. A malicious agent can create an in-workspace symlink that points outside the workspace and force canonicalization to fail — either because the target does not exist or because read permission is removed from the path — so the agent writes through the symlink to an arbitrary location without approval. A malicious agent could write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0.
CVE-2026-54848 2 Saad Iqbal, Wordpress 2 Apiexperts Square For Woocommerce, Wordpress 2026-06-26 8.3 High
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
CVE-2026-40211 1 Powerdns 1 Dnsdist 2026-06-26 5.3 Medium
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service.
CVE-2026-56006 2 H5p, Wordpress 2 H5p, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
CVE-2026-56050 2 Themeisle, Wordpress 2 Ppom For Woocommerce, Wordpress 2026-06-26 6.5 Medium
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
CVE-2026-42005 1 Powerdns 1 Authoritative 2026-06-25 4.3 Medium
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVE-2026-42388 1 Powerdns 1 Recursor 2026-06-25 5.9 Medium
Incomplete validation of the SOA record present in a catalog zone might lead to a crash.
CVE-2026-57619 2 Elementor, Wordpress 2 Elementor Website Builder, Wordpress 2026-06-25 6.5 Medium
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
CVE-2026-54823 2 Marketingfire, Wordpress 2 Widget-options, Wordpress 2026-06-25 9.9 Critical
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
CVE-2026-56005 2 Melapress, Wordpress 2 Wp Activity Log, Wordpress 2026-06-25 7.1 High
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-54842 2 Royal Plugins, Wordpress 2 Royal Mcp, Wordpress 2026-06-25 8.1 High
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.
CVE-2026-57532 1 Pretix 1 Pretix 2026-06-25 N/A
Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering and editing libraries used, this is one of the few pages in our backend that do not have a strong Content-Security-Policy that would render this capability useless for most scenarios.
CVE-2026-57455 2 Redhat, Vim 2 Hummingbird, Vim 2026-06-25 4.7 Medium
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stack buffer the caller provides. A word longer than MAXWLEN, passed to soundfold() (or reached via sound-based spell suggestion) while a SOFO-based spell language is active, therefore writes past the end of that buffer. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0698.
CVE-2026-46733 1 Dell 1 Display And Peripheral Manager 2026-06-25 7.8 High
Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2026-56014 2 Averta, Wordpress 2 Master Slider, Wordpress 2026-06-25 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
CVE-2026-12079 2 Wedevs, Wordpress 2 Dokan Pro, Wordpress 2026-06-25 6.5 Medium
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-40208 1 Powerdns 1 Dnsdist 2026-06-25 3.7 Low
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.
CVE-2026-54829 2 Jacob N. Breetvelt, Wordpress 2 Wp Photo Album Plus, Wordpress 2026-06-25 7.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
CVE-2026-54036 1 Danny-avila 1 Libre Chat 2026-06-25 5.3 Medium
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen session) even when 2FA is already fully enabled on the account. This endpoint overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false — all without requiring any TOTP or backup code verification. An attacker with a valid session token can completely take over a victim's 2FA, locking the legitimate user out of their own two-factor authentication. This vulnerability is fixed in 0.8.4-rc1.