CVE-2026-7467 - Read More & Accordion <= 3.5.7 - Privilege Escalation via importData
CVE ID :CVE-2026-7467
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin's role settings, to insert arbitrary rows into the 'wp_users' and 'wp_usermeta' tables, including the 'wp_capabilities' field, allowing them to create a new administrator account and gain administrator access to the site.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7467
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin's role settings, to insert arbitrary rows into the 'wp_users' and 'wp_usermeta' tables, including the 'wp_capabilities' field, allowing them to create a new administrator account and gain administrator access to the site.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7472 - Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter
CVE ID :CVE-2026-7472
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreData.php. The user-supplied $_GET['orderby'] value is only processed through esc_attr() (an HTML-escaping function) before being passed to these database functions, where esc_sql() is applied but the value is directly concatenated—unquoted—into the ORDER BY fragment of the SQL query before $wpdb->prepare() is called. Because esc_sql() only escapes quote characters and backslashes (which are irrelevant in an unquoted ORDER BY context), an attacker can inject arbitrary SQL expressions such as (SELECT SLEEP(5)) or conditional subqueries to perform time-based blind data extraction. This makes it possible for authenticated attackers with administrator-level access or above (or any role explicitly permitted access to the plugin's admin pages via the yrm-user-roles setting) to extract sensitive data from the database, including administrator credential hashes.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7472
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreData.php. The user-supplied $_GET['orderby'] value is only processed through esc_attr() (an HTML-escaping function) before being passed to these database functions, where esc_sql() is applied but the value is directly concatenated—unquoted—into the ORDER BY fragment of the SQL query before $wpdb->prepare() is called. Because esc_sql() only escapes quote characters and backslashes (which are irrelevant in an unquoted ORDER BY context), an attacker can inject arbitrary SQL expressions such as (SELECT SLEEP(5)) or conditional subqueries to perform time-based blind data extraction. This makes it possible for authenticated attackers with administrator-level access or above (or any role explicitly permitted access to the plugin's admin pages via the yrm-user-roles setting) to extract sensitive data from the database, including administrator credential hashes.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8038 - Faces of Users <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute
CVE ID :CVE-2026-8038
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8038
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8418 - Games Catalog <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post Deletion
CVE ID :CVE-2026-8418
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() function which handles the delete action (action=delete) via a GET request without any wp_verify_nonce() / check_admin_referer() call. This makes it possible for unauthenticated attackers to delete arbitrary game catalog entries (including the associated WordPress post created for the game) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8418
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() function which handles the delete action (action=delete) via a GET request without any wp_verify_nonce() / check_admin_referer() call. This makes it possible for unauthenticated attackers to delete arbitrary game catalog entries (including the associated WordPress post created for the game) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8419 - Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
CVE ID :CVE-2026-8419
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8419
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8420 - BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update
CVE ID :CVE-2026-8420
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8420
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8423 - JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery
CVE ID :CVE-2026-8423
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active theme by modifying the jbct_theme option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8423
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active theme by modifying the jbct_theme option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8424 - Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery
CVE ID :CVE-2026-8424
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybb_api_settings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored settings by overwriting its configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8424
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybb_api_settings' page. This makes it possible for unauthenticated attackers to reset the plugin's stored settings by overwriting its configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8610 - TypeSquare Webfonts for ConoHa <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via 'fontThemeUseType' Parameter
CVE ID :CVE-2026-8610
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's site-wide font settings, including the typesquare_auth option (fontThemeUseType), show_post_form, and typesquare_fonttheme, by submitting a POST request to any wp-admin page. For fontThemeUseType values 1 and 3, no nonce verification is performed either, meaning those branches are additionally exploitable via cross-site request forgery.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8610
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's site-wide font settings, including the typesquare_auth option (fontThemeUseType), show_post_form, and typesquare_fonttheme, by submitting a POST request to any wp-admin page. For fontThemeUseType values 1 and 3, no nonce verification is performed either, meaning those branches are additionally exploitable via cross-site request forgery.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8624 - LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVE ID :CVE-2026-8624
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The vulnerability arises specifically because PHP_SELF includes attacker-controllable PATH_INFO appended to the script name, and there are two distinct unsanitized echo points for this value in the same function.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8624
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The vulnerability arises specifically because PHP_SELF includes attacker-controllable PATH_INFO appended to the script name, and there are two distinct unsanitized echo points for this value in the same function.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8626 - SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVE ID :CVE-2026-8626
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The PHP_SELF value is reflected in two separate locations within the vulnerable function — a form action attribute and an anchor href attribute — both of which can be exploited by appending a crafted payload to the wp-admin/admin.php URL path.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8626
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The PHP_SELF value is reflected in two separate locations within the vulnerable function — a form action attribute and an anchor href attribute — both of which can be exploited by appending a crafted payload to the wp-admin/admin.php URL path.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8627 - Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter
CVE ID :CVE-2026-8627
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correct_prices_page() function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or output escaping (such as esc_url() or esc_attr()). Because PHP_SELF reflects attacker-controlled path-info appended to the script URL, an attacker can break out of the attribute and inject arbitrary markup. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a specially crafted link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8627
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correct_prices_page() function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or output escaping (such as esc_url() or esc_attr()). Because PHP_SELF reflects attacker-controlled path-info appended to the script URL, an attacker can break out of the attribute and inject arbitrary markup. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a specially crafted link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8685 - Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter
CVE ID :CVE-2026-8685
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the show_control_data::post_list() function, which is registered as an admin menu page with only the 'read' capability. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8685
Published : May 20, 2026, 2:16 a.m. | 1 hour, 13 minutes ago
Description :The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the show_control_data::post_list() function, which is registered as an admin menu page with only the 'read' capability. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24160 - NVIDIA TRT-LLM Null Pointer Dereference Denial of Service
CVE ID :CVE-2026-24160
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24160
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24163 - NVIDIA TRT-LLM RPC Deserialization Vulnerability
CVE ID :CVE-2026-24163
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24163
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24206 - NVIDIA Triton Inference Server Authentication Bypass Vulnerability
CVE ID :CVE-2026-24206
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24206
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24207 - NVIDIA Triton Inference Server Authentication Bypass
CVE ID :CVE-2026-24207
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24207
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24208 - NVIDIA Triton Inference Server Path Traversal Denial of Service
CVE ID :CVE-2026-24208
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24208
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24209 - NVIDIA Triton Inference Server Path Traversal Denial of Service Vulnerability
CVE ID :CVE-2026-24209
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24209
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24210 - NVIDIA Triton Inference Server Integer Overflow Denial of Service
CVE ID :CVE-2026-24210
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24210
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24213 - NVIDIA Triton Inference Server Out-of-Bounds Read Vulnerability
CVE ID :CVE-2026-24213
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24213
Published : May 20, 2026, 4:16 a.m. | 3 hours, 14 minutes ago
Description :NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...