Search Results (6891 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31493 1 Zoneminder 1 Zoneminder 2026-07-05 6.6 Medium
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system.
CVE-2026-14655 1 Code-projects 1 Assessment Management 2026-07-04 2.4 Low
A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVE-2026-14633 1 Kirilkirkov 1 Ecommerce-codeigniter-bootstrap 2026-07-04 4.3 Medium
A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. Patch name: d9785f995da77bdc62fb2d34bad5f7a162c9ad23. To fix this issue, it is recommended to deploy a patch.
CVE-2026-11778 2026-07-03 5.4 Medium
The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2026-14439 2026-07-02 N/A
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area. This file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service, resulting in remote code execution under the Git Service account. On multi-tenant Altium 365 deployments, this could have allowed access to data belonging to other tenants on the same infrastructure node. Altium Enterprise Server is fixed in 8.1.1. The issue has been remediated across Altium 365 shared multi-tenant deployments at the service level; remediation is in progress on remaining Altium 365 deployments.
CVE-2026-57624 2026-07-02 10 Critical
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.
CVE-2026-27436 2026-07-02 9.1 Critical
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
CVE-2026-54074 2026-07-02 7.8 High
Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "__TINA_INTERNAL__:::(.*?):::" inside the stringified collection JSON. User-supplied label and name fields from .forestry/**/*.yml are placed into that JSON without any sanitisation. An attacker who controls a Forestry-style project can therefore inject arbitrary JavaScript into the generated tina/templates.{ts,js} file. The injected code is written at module top level, so it executes the moment the developer runs tinacms dev or tinacms build, with the developer's privileges. This issue has been fixed in version 2.4.3.
CVE-2026-55660 2026-07-02 N/A
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL reducer — that act on event.data without verifying event.origin or event.source and post messages using non-specific target origins, while insufficient URL sanitization in rich-text content allows malicious URLs to persist and execute. A page the victim visits (or a window in an opener/iframe relationship with a Tina admin) can forge messages to drive the editor, inject preview content, or observe/forge the OAuth popup channel to take over an authenticated editing session. This issue has been fixed in versions @tinacms/app 2.5.6 and tinacms 3.9.3.
CVE-2026-55794 2026-07-02 N/A
Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries. Strings for a signed redirect URL are being compiled as a Twig template via renderObjectTemplate(), and while a sandboxed alternative already exists (renderSandboxedObjectTemplate()), it is not used in this case. This signed URL can be specified by users, as it is reflected in the “Referer” HTTP request header, which is under attacker control. This issue has been fixed in version 5.10.0.
CVE-2026-58454 2026-07-01 7.5 High
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.
CVE-2026-7873 1 Ibm 1 Langflow Oss 2026-07-01 9.9 Critical
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
CVE-2026-58025 2026-07-01 N/A
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
CVE-2026-8857 2026-07-01 N/A
A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
CVE-2026-12084 1 Ibm 1 Ucd Ibm Devops Deploy 2026-07-01 5.4 Medium
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
CVE-2026-13006 1 Qos.ch Sarl 1 Logback-core 2026-07-01 6.0 Medium
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration file or by injecting an environment variable before program execution. A successful attack requires the presence of Janino library to be present on the user's class path. In addition, the attacker must  have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege. Please note that in logack version 1.5.37 conditional processing using Janino was removed.
CVE-2026-58116 1 Hiyouga 1 Llama-factory 2026-06-30 9.8 Critical
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with a hardcoded trust_remote_code=True parameter, causing the Hugging Face transformers library to fetch and execute arbitrary code from a remote or local model repository with the privileges of the server process.
CVE-2026-50741 1 Revive 1 Adserver 2026-06-30 N/A
Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or using the `ox.setChannelTargeting` XML-RPC API method.
CVE-2026-31236 1 Simonw 1 Llm 2026-06-30 9.8 Critical
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.
CVE-2025-7958 1 Trellix 1 Network Security 2026-06-29 N/A
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details.