VulDB Recent Entries

A vulnerability categorized as problematic has been discovered in Bytello Share. The affected element is an unknown function of the component Installer. Executing a manipulation can lead to uncontrolled search path. This vulnerability is registered as CVE-2026-44612. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Canon Marketing Japan GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud. It has been rated as critical. Impacted is an unknown function of the component Request Handler. Performing a manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-32661. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Hitachi Vantara Pentaho Data Integration and Analytics up to 10.x. It has been declared as problematic. This issue affects some unknown processing of the component JDBC Driver. Such manipulation leads to dependency on vulnerable third-party component. This vulnerability is listed as CVE-2025-11159. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Gerrit 2.12; 0. It has been classified as problematic. This vulnerability affects unknown code of the component Submission Handler. This manipulation causes incorrect authorization. This vulnerability is tracked as CVE-2026-2725. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in beardev JoomSport Plugin up to 5.7.7 on WordPress and classified as critical. This affects an unknown part. The manipulation of the argument sortf results in sql injection. This vulnerability is identified as CVE-2026-6929. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in themeum Tutor LMS Plugin up to 3.9.9 on WordPress and classified as critical. Affected by this issue is the function get_course_id_by. The manipulation of the argument course leads to authorization bypass. This vulnerability is referenced as CVE-2026-6965. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, was found in ghera74 ilGhera Support System for WooCommerce Plugin up to 1.3.0 on WordPress. Affected by this vulnerability is the function get_ticket_content_callback. Executing a manipulation can lead to authorization bypass. The identification of this vulnerability is CVE-2025-14033. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in wpcodefactory Cost of Goods Plugin up to 4.1.0 on WordPress. Affected is the function alg_wc_cog_product_cost of the component Shortcode Handler. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-6962. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as problematic was found in AMD Ionic Cloud Driver on Vmware. This impacts an unknown function. Such manipulation leads to untrusted pointer dereference. This vulnerability is uniquely identified as CVE-2025-62627. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Fuji Electric Tellus 5.0.2. This affects an unknown function of the component Installation Handler. This manipulation causes exposed dangerous routine. This vulnerability is handled as CVE-2026-8108. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability described as problematic has been identified in AMD EPYC 9004 Processors, EPYC 7003 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded 7003 Processors, EPYC Embedded 9004 Processors, EPYC Embedded 8004 Processors and EPYC Embedded 9005 Processors. The impacted element is an unknown function. The manipulation results in security-sensitive hardware controls with missing lock bit protection. This vulnerability is known as CVE-2025-61971. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in AMD EPYC 9004 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded 9004 Processors, EPYC Embedded 8004 Processors and EPYC Embedded 9005 Processors. The affected element is an unknown function. The manipulation leads to security-sensitive hardware controls with missing lock bit protection. This vulnerability is traded as CVE-2025-61972. An attack has to be approached locally. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in broadstreetads Broadstreet Plugin up to 1.53.1 on WordPress. Impacted is an unknown function of the component Setting Handler. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-9989. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in techjewel Fluent Forms Plugin up to 6.2.1 on WordPress. This issue affects some unknown processing of the component Conversation Handler. Performing a manipulation of the argument permission_message results in cross site scripting. This vulnerability is reported as CVE-2026-6828. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in reconurge flowsint up to 1.2.2. This vulnerability affects unknown code. Such manipulation leads to improper access controls. This vulnerability is documented as CVE-2026-44352. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Advantech SaaS Composer, IoTSuite Growth Linux docker, IoTSuite Starter Linux docker, IoT Edge Linux docker, IoT Edge Windows, WebAccess, SCADA, WebAccess SaaS-Composer and ECOWatch SaaS-Composer. It has been rated as critical. This affects an unknown part. This manipulation causes sql injection. This vulnerability is registered as CVE-2026-6888. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in warp-tech warpgate up to 0.23.2 on Linux. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument state results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-44347. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD EPYC 9004 Processors, EPYCSeries 4004 Processors, EPYC 8004 Processors, Instinct MI300A Processors, Ryzen Z1 Processors, Ryzen 7040 Mobile Processors with Radeon Graphics, Ryzen 7045 Mobile Processors with Radeon Graphics, Ryzen 9000 Desktop Processors, Ryzen 7000 Desktop Processors, Ryzen 8000 Desktop Processors, EPYC Embedded 9004 Processors, EPYC Embedded 8004 Processors, Ryzen Embedded 8000 Processors and Ryzen Embedded 7000 Processors. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to protection mechanism failure. This vulnerability is listed as CVE-2024-36315. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in smub Charitable Plugin up to 1.8.10.4 on WordPress and classified as critical. Affected is the function edit_others_donations. Executing a manipulation of the argument s can lead to sql injection. This vulnerability is tracked as CVE-2026-7619. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in broadstreetads Broadstreet Plugin up to 1.53.1 on WordPress and classified as critical. This impacts the function create_advertiser of the component AJAX Action Handler. Performing a manipulation results in improper authorization. This vulnerability is identified as CVE-2025-9988. The attack can be initiated remotely. There is not any exploit available.