CVE-2026-39852 - Quarkus authorization bypass via semicolon path normalization inconsistency
CVE ID :CVE-2026-39852
Published : May 5, 2026, 9:16 p.m. | 44 minutes ago
Description :Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP path-based authorization policies. Quarkus's security layer performs authorization checks on the raw URL path which preserves matrix parameters (semicolons), while RESTEasy Reactive's routing layer strips matrix parameters before matching endpoints. An attacker can append a semicolon and arbitrary text to a request URL (e.g., /api/admin;anything) to bypass policies protecting /api/admin while still routing to the protected endpoint. This issue has been fixed in versions 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39852
Published : May 5, 2026, 9:16 p.m. | 44 minutes ago
Description :Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP path-based authorization policies. Quarkus's security layer performs authorization checks on the raw URL path which preserves matrix parameters (semicolons), while RESTEasy Reactive's routing layer strips matrix parameters before matching endpoints. An attacker can append a semicolon and arbitrary text to a request URL (e.g., /api/admin;anything) to bypass policies protecting /api/admin while still routing to the protected endpoint. This issue has been fixed in versions 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40068 - Claude Code arbitrary code execution via git worktree commondir trust dialog bypass
CVE ID :CVE-2026-40068
Published : May 5, 2026, 9:16 p.m. | 44 minutes ago
Description :In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40068
Published : May 5, 2026, 9:16 p.m. | 44 minutes ago
Description :In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41950 - Dify < 1.14.0 Authorization Bypass via File UUID
CVE ID :CVE-2026-41950
Published : May 5, 2026, 9:16 p.m. | 44 minutes ago
Description :Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit insufficient permission verification in the chat-messages endpoints to access files without ownership validation, bypassing workspace separation and signed URL protections to retrieve sensitive file contents through workflow processing.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41950
Published : May 5, 2026, 9:16 p.m. | 44 minutes ago
Description :Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit insufficient permission verification in the chat-messages endpoints to access files without ownership validation, bypassing workspace separation and signed URL protections to retrieve sensitive file contents through workflow processing.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40075 - OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet
CVE ID :CVE-2026-40075
Published : May 5, 2026, 9:25 p.m. | 35 minutes ago
Description :OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from user-controlled input without performing path boundary validation — the getFile() method concatenates the user-supplied path into an absolute filesystem path without calling normalize() or checking that the result stays within the allowed module resources directory. Because this endpoint serves static resources required for rendering the login page, it is not protected by authentication filters, allowing unauthenticated exploitation. An attacker can traverse directories and read arbitrary files from the server filesystem, including /etc/passwd and application configuration files containing database credentials. Successful exploitation requires the target deployment to run on Apache Tomcat versions prior to 8.5.31, where the ..; path parameter bypass is not mitigated by the container. Deployments on Tomcat 8.5.31 or later and Tomcat 9.0.10 or later are protected at the container level, though the underlying code defect remains. This issue has been fixed in versions after 2.7.8 (within the 2.7.x branch) and in version 2.8.6 and later.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40075
Published : May 5, 2026, 9:25 p.m. | 35 minutes ago
Description :OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from user-controlled input without performing path boundary validation — the getFile() method concatenates the user-supplied path into an absolute filesystem path without calling normalize() or checking that the result stays within the allowed module resources directory. Because this endpoint serves static resources required for rendering the login page, it is not protected by authentication filters, allowing unauthenticated exploitation. An attacker can traverse directories and read arbitrary files from the server filesystem, including /etc/passwd and application configuration files containing database credentials. Successful exploitation requires the target deployment to run on Apache Tomcat versions prior to 8.5.31, where the ..; path parameter bypass is not mitigated by the container. Deployments on Tomcat 8.5.31 or later and Tomcat 9.0.10 or later are protected at the container level, though the underlying code defect remains. This issue has been fixed in versions after 2.7.8 (within the 2.7.x branch) and in version 2.8.6 and later.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40110 - jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat
CVE ID :CVE-2026-40110
Published : May 5, 2026, 9:29 p.m. | 31 minutes ago
Description :Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40110
Published : May 5, 2026, 9:29 p.m. | 31 minutes ago
Description :Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28780 - Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()
CVE ID :CVE-2026-28780
Published : May 5, 2026, 9:29 p.m. | 31 minutes ago
Description :Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-28780
Published : May 5, 2026, 9:29 p.m. | 31 minutes ago
Description :Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40934 - jupyter-server authentication cookies remain valid after password reset due to static cookie secret
CVE ID :CVE-2026-40934
Published : May 5, 2026, 9:31 p.m. | 29 minutes ago
Description :Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued authentication cookie remains cryptographically valid because the signing key has not changed. An attacker who has captured a session cookie through any means retains full authenticated access to the server regardless of subsequent password changes. This affects deployments using password-based authentication, particularly shared or public-facing servers where credential rotation is expected to revoke existing sessions. This issue has been fixed in version 2.18.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40934
Published : May 5, 2026, 9:31 p.m. | 29 minutes ago
Description :Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued authentication cookie remains cryptographically valid because the signing key has not changed. An attacker who has captured a session cookie through any means retains full authenticated access to the server regardless of subsequent password changes. This affects deployments using password-based authentication, particularly shared or public-facing servers where credential rotation is expected to revoke existing sessions. This issue has been fixed in version 2.18.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-44405 - Paramiko RSA Key SHA-1 Vulnerability
CVE ID :CVE-2026-44405
Published : 2026年5月6日 00:16 | 1 小时,45 分钟 ago
Description :In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44405
Published : 2026年5月6日 00:16 | 1 小时,45 分钟 ago
Description :In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-71251 - Apache IMS Remote Denial of Service Vulnerability
CVE ID :CVE-2025-71251
Published : 2026年5月6日 01:42 | 18 分钟 ago
Description :In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-71251
Published : 2026年5月6日 01:42 | 18 分钟 ago
Description :In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-71252 - "Modem IMS Remote Denial of Service Vulnerability"
CVE ID :CVE-2025-71252
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-71252
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-71253 - "Modem IMS Remote Denial of Service Vulnerability"
CVE ID :CVE-2025-71253
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-71253
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-71254 - "Modem IMS Remote Denial of Service Vulnerability"
CVE ID :CVE-2025-71254
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-71254
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-71255 - "Modem IMS Denial of Service Vulnerability"
CVE ID :CVE-2025-71255
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-71255
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-71256 - "NR Modem Remote Denial of Service (DoS) Vulnerability"
CVE ID :CVE-2025-71256
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-71256
Published : 2026年5月6日 01:43 | 18 分钟 ago
Description :In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7572 - Velociraptor EVTX Parser — Process Crash via Crafted .evtx File
CVE ID :CVE-2026-7572
Published : May 6, 2026, 3:15 a.m. | 2 hours, 46 minutes ago
Description :An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7572
Published : May 6, 2026, 3:15 a.m. | 2 hours, 46 minutes ago
Description :An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7573 - GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations
CVE ID :CVE-2026-7573
Published : May 6, 2026, 3:15 a.m. | 2 hours, 46 minutes ago
Description :An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org parameters via a network request.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7573
Published : May 6, 2026, 3:15 a.m. | 2 hours, 46 minutes ago
Description :An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org parameters via a network request.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3208 - Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure
CVE ID :CVE-2026-3208
Published : May 6, 2026, 4:16 a.m. | 1 hour, 46 minutes ago
Description :The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve PIX payment QR code images for arbitrary orders. PIX QR codes contain sensitive merchant information including PIX keys (which may be CPF/CNPJ personal identifiers), transaction amounts, merchant name and city, and MercadoPago transaction references.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3208
Published : May 6, 2026, 4:16 a.m. | 1 hour, 46 minutes ago
Description :The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve PIX payment QR code images for arbitrary orders. PIX QR codes contain sensitive merchant information including PIX keys (which may be CPF/CNPJ personal identifiers), transaction amounts, merchant name and city, and MercadoPago transaction references.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-5753 - All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download
CVE ID :CVE-2026-5753
Published : May 6, 2026, 4:16 a.m. | 1 hour, 46 minutes ago
Description :The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::save' handler for 'admin_post_ai1wm_schedule_event_save' not verifying user capabilities before saving schedule data. This makes it possible for authenticated attackers, with subscriber-level access and above, to create scheduled export jobs and send backup notifications to attacker-controlled email addresses. Because such notifications include the random backup filename, full site backups can subsequently be downloaded from the target site, resulting in sensitive information exposure.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-5753
Published : May 6, 2026, 4:16 a.m. | 1 hour, 46 minutes ago
Description :The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::save' handler for 'admin_post_ai1wm_schedule_event_save' not verifying user capabilities before saving schedule data. This makes it possible for authenticated attackers, with subscriber-level access and above, to create scheduled export jobs and send backup notifications to attacker-controlled email addresses. Because such notifications include the random backup filename, full site backups can subsequently be downloaded from the target site, resulting in sensitive information exposure.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2306 - Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation
CVE ID :CVE-2026-2306
Published : May 6, 2026, 4:26 a.m. | 1 hour, 35 minutes ago
Description :The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary Ninja Tables in the database which can lead to database pollution and resource exhaustion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-2306
Published : May 6, 2026, 4:26 a.m. | 1 hour, 35 minutes ago
Description :The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary Ninja Tables in the database which can lead to database pollution and resource exhaustion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-35253 - Oracle Macaron Tool HTTP Host Address Validation Bypass
CVE ID :CVE-2026-35253
Published : May 6, 2026, 6:22 a.m. | 1 hour, 40 minutes ago
Description :Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-35253
Published : May 6, 2026, 6:22 a.m. | 1 hour, 40 minutes ago
Description :Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6344 - Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment
CVE ID :CVE-2026-6344
Published : May 6, 2026, 6:47 a.m. | 1 hour, 15 minutes ago
Description :The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments() method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without verifying that the resolved path stays inside the WordPress uploads directory: a strpos() prefix check on the raw URL can be bypassed with traversal sequences, wp_normalize_path() does not resolve ".\..\" segments, and file_exists() then resolves them at the kernel level. This makes it possible for authenticated attackers with administrator access to read arbitrary files readable by the web-server user — including wp-config.php with its database credentials and authentication salts — by submitting a form whose admin notification is configured to attach a file-upload field and supplying a crafted URL of the shape /../../ as the file-field value. The resolved file is attached to the outbound admin-notification email via wp_mail(). While the email can be triggered by unauthenticated users, the email recipient is not user-controlled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6344
Published : May 6, 2026, 6:47 a.m. | 1 hour, 15 minutes ago
Description :The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments() method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without verifying that the resolved path stays inside the WordPress uploads directory: a strpos() prefix check on the raw URL can be bypassed with traversal sequences, wp_normalize_path() does not resolve ".\..\" segments, and file_exists() then resolves them at the kernel level. This makes it possible for authenticated attackers with administrator access to read arbitrary files readable by the web-server user — including wp-config.php with its database credentials and authentication salts — by submitting a form whose admin notification is configured to attach a file-upload field and supplying a crafted URL of the shape /../../ as the file-field value. The resolved file is attached to the outbound admin-notification email via wp_mail(). While the email can be triggered by unauthenticated users, the email recipient is not user-controlled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...