|
CVE-2026-57277
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 120
Remote Code Execution
Buffer Overflow
WebSocket
+1
|
il y a 6 jours
|
|
CVE-2026-57276
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 120
Geovision
WebSocket
Buffer Overflow
|
il y a 6 jours
|
|
CVE-2026-57275
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 120
Geovision
Remote Code Execution
Buffer Overflow
+1
|
il y a 6 jours
|
|
CVE-2026-57274
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 120
Buffer Overflow
WebSocket
Geovision
+1
|
il y a 6 jours
|
|
CVE-2026-57271
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 129
Remote Code Execution
WebSocket
Geovision
|
il y a 6 jours
|
|
CVE-2026-13521
|
|
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php....
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php....
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-13498
|
|
A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an...
A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an...
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-58054
|
|
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
|
High
|
Cwe 269
Mybb
PHP
Privilege Escalation
|
il y a 1 semaine
|
|
CVE-2026-3652
|
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
High
|
WordPress
Cross-Site Scripting
Cwe 79
PHP
|
il y a 2 semaines
|
|
CVE-2026-53866
|
|
OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
|
High
|
Cwe 862
Remote Code Execution
Openclaw
|
il y a 3 semaines
|
|
CVE-2026-53864
|
|
OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
|
High
|
JavaScript
Cwe 184
Nodejs
Openclaw
|
il y a 3 semaines
|
|
CVE-2026-53857
|
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
High
|
Cwe 290
Policy Enforcement
Remote Code Execution
Web Application
+2
|
il y a 3 semaines
|
|
CVE-2026-53855
|
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
High
|
Cwe 184
Cwe 863
Remote Code Execution
Openclaw
|
il y a 3 semaines
|
|
CVE-2026-53849
|
|
OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
|
High
|
Privilege Escalation
Cwe 290
Web Application
Openclaw
|
il y a 3 semaines
|
|
CVE-2026-53843
|
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
High
|
Cwe 613
WebSocket
Authentication Bypass
Openclaw
|
il y a 3 semaines
|
|
CVE-2026-41708
|
|
Vulnérabilité dans dos (CVE-2026-41708)
vulnérabilité dans dos (CVE-2026-41708). Risque d'opérations non autorisées ou de divulgation.
|
High
|
Denial of Service
Cwe 400
Spring
Broadcom
+1
|
il y a 3 semaines
|
|
CVE-2026-47906
|
|
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
|
High
|
PHP
Remote Code Execution
Cwe 94
Adobe
+5
|
il y a 4 semaines
|
|
CVE-2026-11501
|
|
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System...
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System...
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
|
il y a 1 mois
|
|
CVE-2026-11489
|
|
A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects...
A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects...
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
+1
|
il y a 1 mois
|
|
CVE-2026-11488
|
|
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This...
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This...
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
|
il y a 1 mois
|
|
CVE-2026-11486
|
|
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by...
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by...
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
+1
|
il y a 1 mois
|
|
CVE-2026-11485
|
|
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1...
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1...
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
+1
|
il y a 1 mois
|
|
CVE-2026-11484
|
|
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This...
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This...
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
+1
|
il y a 1 mois
|
|
CVE-2026-11483
|
|
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This...
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This...
|
High
|
PHP
SQL Injection
Cwe 74
Cwe 89
+2
|
il y a 1 mois
|
|
CVE-2026-11462
|
|
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
|
High
|
PHP
Cwe 266
Cwe 285
Remote Code Execution
|
il y a 1 mois
|
|
CVE-2026-5415
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
WordPress
Authentication Bypass
Cwe 288
PHP
|
il y a 1 mois
|
|
CVE-2026-5411
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
PHP
WordPress
Remote Code Execution
Cwe 434
|
il y a 1 mois
|
|
CVE-2026-46392
|
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
High
|
PHP
JavaScript
Cwe 178
Cwe 434
+1
|
il y a 1 mois
|
|
CVE-2026-10777
|
|
A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
|
High
|
PHP
Cwe 287
Remote Code Execution
|
il y a 1 mois
|
|
CVE-2026-10771
|
|
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
|
High
|
Java
Cwe 918
Server-Side Request Forgery
|
il y a 1 mois
|
|
CVE-2026-28299
|
|
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
|
High
|
Cwe 770
Denial of Service
Solarwinds
Web Help Desk
|
il y a 1 mois
|
|
CVE-2026-1829
|
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
High
|
WordPress
Remote Code Execution
Cwe 94
PHP
|
il y a 1 mois
|
|
CVE-2026-7313
|
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
|
High
|
Cwe 522
Remote Code Execution
PHP
Progress
+1
|
il y a 1 mois
|
|
CVE-2026-7201
|
|
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
|
High
|
Cwe 639
Authentication Bypass
Progress
Sitefinity
|
il y a 1 mois
|
|
CVE-2026-7195
|
|
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
|
High
|
Cwe 20
Web Services
Remote Code Execution
PHP
+2
|
il y a 1 mois
|
|
CVE-2026-39555
|
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
High
|
Insecure Deserialization
Cwe 502
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-39552
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Remote Code Execution
+1
|
il y a 1 mois
|
|
CVE-2025-69369
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Local File Inclusion
|
il y a 1 mois
|
|
CVE-2025-68886
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Remote Code Execution
|
il y a 1 mois
|
|
CVE-2024-21182
KEV
|
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
|
High
|
Oracle Weblogic
Remote Code Execution
Cwe 94
C
+2
|
il y a 1 mois
|
|
CVE-2026-48557
|
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
High
|
PHP
Laravel
Apache
Cwe 184
|
il y a 1 mois
|
|
CVE-2026-49368
|
|
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
|
High
|
Cross-Site Scripting
Cwe 79
Jetbrains
High Severity
+1
|
il y a 1 mois
|
|
CVE-2026-44698
|
|
Injection de code dans CVE-2026-44698 (CVE-2026-44698)
injection de code dans CVE-2026-44698 (CVE-2026-44698). L'exploitation peut entraîner la prise de contrôle totale du système. Exploitable via ``window.externalApp``. Atténuation : mise à jour vers `2026.4.1` ou plus.
|
High
|
JavaScript
Cwe 94
Cwe 346
Cwe 749
+3
|
il y a 1 mois
|
|
CVE-2025-11262
|
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
High
|
WordPress
Cross-Site Scripting
Cwe 79
PHP
|
il y a 1 mois
|
|
CVE-2026-42760
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
|
High
|
WordPress
Authentication Bypass
Cwe 288
|
il y a 1 mois
|
|
CVE-2026-42762
|
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
High
|
Cross-Site Scripting
Cwe 79
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42753
|
|
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
|
High
|
Cwe 862
WordPress
Authentication Bypass
|
il y a 1 mois
|
|
CVE-2026-42746
|
|
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
|
High
|
Cwe 201
PHP
WordPress
|
il y a 1 mois
|
|
CVE-2026-42745
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
High
|
Authentication Bypass
Cwe 288
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42737
|
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
High
|
Path Traversal
Cwe 22
WordPress
PHP
|
il y a 1 mois
|