Aggregator

A vulnerability classified as problematic was found in libxml2. The affected element is an unknown function. The manipulation results in resource consumption. This vulnerability is reported as CVE-2026-0992. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in alextselegidis easyappointments up to 1.5.2. This affects the function php::csrf_verify of the file application/core/EA_Security.php of the component GET Handler. Executing a manipulation can lead to cross-site request forgery. This vulnerability appears as CVE-2026-23622. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Appointment Booking Calendar Plugin up to 1.6.9.9 on WordPress. It has been declared as critical. Impacted is an unknown function. Such manipulation of the argument order/append_where_sql leads to sql injection. This vulnerability is referenced as CVE-2025-12166. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic was found in Frappe LMS up to 2.44.0. This impacts an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-23497. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability was found in WP-Members Membership Plugin up to 3.5.4.3 on WordPress and classified as problematic. This vulnerability affects unknown code of the component User Profile Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-14448. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 Plugin up to 1.3.9.2 on WordPress. The affected element is the function dnd_codedropz_upload_delete. Performing a manipulation results in missing authorization. This vulnerability was named CVE-2025-14457. The attack may be initiated remotely. There is no available exploit.

Нейросеть Grok спровоцировала международный скандал и расследование в Британии.

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. It has been classified as critical. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids results in improper authorization. This vulnerability was named CVE-2026-1112. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d and classified as critical. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. This vulnerability is uniquely identified as CVE-2026-1111. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #732771 / VDB-341704

Submit #732726 / VDB-341703

Ограничения на обновления, наследие, дефицит телеметрии и цена ошибки: что меняется, когда «данные» становятся «материей».

A vulnerability has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04 and classified as critical. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. This vulnerability is handled as CVE-2026-1110. It is possible to launch the attack on the local host. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. This vulnerability is known as CVE-2026-1109. Attacking locally is a requirement. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2026-1108. An attack has to be approached locally. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #732603 / VDB-341702

Submit #732599 / VDB-341701

Submit #732598 / VDB-341700