Search

Search Results (362572 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59617 1 Qualcomm 1 Snapdragon 2026-07-07 6.6 Medium
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.
CVE-2026-5530 1 Ollama 1 Ollama 2026-07-07 6.3 Medium
A flaw has been found in Ollama up to 0.18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-6228 2026-07-07 7.5 High
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on the server.
CVE-2026-10830 2026-07-07 8.8 High
The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary accounts, including administrators, and take over the site.
CVE-2026-11766 2 Ultimatemember, Wordpress 2 Ultimate Member, Wordpress 2026-07-07 8 High
The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including an administrator, views the affected profile.
CVE-2026-11855 2026-07-07 8.8 High
The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web scripts that execute in the context of a logged-in administrator.
CVE-2026-11962 2 Fileorganizer, Wordpress 2 Fileorganizer, Wordpress 2026-07-07 8.8 High
The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and achieve remote code execution. This is an incomplete fix of CVE-2024-7985, which only added file-type validation to the upload operation.
CVE-2026-12083 2026-07-07 8.1 High
The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes.
CVE-2026-56290 1 Joomlack 1 Page Builder Ck Extension For Joomla 2026-07-07 N/A
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2026-55255 1 Langflow 1 Langflow 2026-07-07 9.9 Critical
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.2.
CVE-2026-48908 1 Joomshaper.net 1 Sp Page Builder Extension For Joomla 2026-07-07 N/A
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
CVE-2026-7017 2026-07-07 N/A
HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request, without checking whether the redirect target shares an origin with the original URL. Caller-supplied `Authorization`, `Cookie` and `Proxy-Authorization` headers are therefore re-sent to whatever host the redirect names, across scheme, host or port boundaries, and including `https` to `http` downgrades that expose them in plaintext on the wire. The HTTP::Tiny POD note that "Authorization headers will not be included in a redirected request" applied only to the URL-userinfo Basic-auth path, not to headers passed explicitly by the caller.
CVE-2026-55435 2026-07-07 5.4 Medium
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via `Server.IsAuthorized` in `coderd/aibridgedserver`, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's unexpired token keeps working. Practical impact is limited to already-issued API keys of suspended users until those keys are deleted. Versions 2.32.7, 2.33.8, and 2.34.2 patch the issue. As a workaround, on suspension, delete the user's API keys via `DELETE /api/v2/users/{user}/keys`.
CVE-2026-48952 2026-07-07 N/A
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
CVE-2026-48947 2026-07-07 N/A
An improper access check allows privileged users to overwrite media files without editing permissions.
CVE-2026-48958 2026-07-07 N/A
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
CVE-2026-23697 1 Vtiger 1 Vtiger Crm 2026-07-07 8.8 High
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the .phar extension. The uploaded file is stored with its original .phar extension under the web-accessible storage directory, and a misconfigured .htaccess using Apache 2.2 syntax is silently ignored on Apache 2.4 deployments, allowing unauthenticated HTTP requests to directly execute the uploaded PHP payload.
CVE-2026-48950 2026-07-07 N/A
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
CVE-2026-48955 2026-07-07 N/A
An improper access check allows unauthorized users to access workflow stage and transition information.
CVE-2026-48956 2026-07-07 N/A
An improper access check allows users to display a list of modules in the frontend.