CVE tracker
339 subscribers
4.64K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2026-13226 - Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter

CVE ID :CVE-2026-13226
Published : June 26, 2026, 1:27 a.m. | 3 hours, 22 minutes ago
Description :The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, meaning any authenticated user regardless of role can reach the vulnerable code path.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8661 - Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

CVE ID :CVE-2026-8661
Published : June 26, 2026, 1:59 a.m. | 2 hours, 50 minutes ago
Description :Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8797 - An access control deficiency vulnerability exists

CVE ID :CVE-2026-8797
Published : June 26, 2026, 4:14 a.m. | 4 hours, 36 minutes ago
Description :An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10268 - Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal

CVE ID :CVE-2025-10268
Published : June 26, 2026, 6 a.m. | 2 hours, 50 minutes ago
Description :The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10823 - YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure

CVE ID :CVE-2026-10823
Published : June 26, 2026, 6 a.m. | 2 hours, 50 minutes ago
Description :The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10835 - SALESmanago & Leadoo < 3.11.3 - Subscriber+ SQL Injection

CVE ID :CVE-2026-10835
Published : June 26, 2026, 6 a.m. | 2 hours, 50 minutes ago
Description :The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8380 - Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion

CVE ID :CVE-2026-8380
Published : June 26, 2026, 6 a.m. | 2 hours, 50 minutes ago
Description :The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugin WordPress plugin through 23.6's "Allow guest uploads" setting is enabled by an administrator, the same deletion primitive becomes reachable by unauthenticated users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49486 - Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)

CVE ID :CVE-2026-49486
Published : June 26, 2026, 7:05 a.m. | 1 hour, 45 minutes ago
Description :The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files over FTPS exposed file contents and credentials-in-transit to a network attacker able to observe the data connection. Upgrade apache-airflow-providers-ftp to `3.15.1` or later, which issues `PROT P` to encrypt the data channel.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57872 - GV-LPC2011/LPC2211 - unauthorized directory traversal vulnerability (get_fcont.cgi)

CVE ID :CVE-2026-57872
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57873 - GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_upload.cgi)

CVE ID :CVE-2026-57873
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57874 - GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (IEEE8021x_upload.cgi)

CVE ID :CVE-2026-57874
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57875 - GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability in packet parsing

CVE ID :CVE-2026-57875
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57876 - GV-LPC2011/LPC2211 - unauthorized out-of-bounds writing vulnerability (onvif.cgi)

CVE ID :CVE-2026-57876
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57877 - GV-LPC2011/LPC2211 - unauthorized format string vulnerability (vlsvr)

CVE ID :CVE-2026-57877
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57878 - GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)

CVE ID :CVE-2026-57878
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57879 - GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr)

CVE ID :CVE-2026-57879
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57880 - GV-LPC2011/LPC2211 - unauthorized buffer overflow via RTSP Digest username (ssvr)

CVE ID :CVE-2026-57880
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57881 - GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr)

CVE ID :CVE-2026-57881
Published : June 26, 2026, 7:17 a.m. | 1 hour, 33 minutes ago
Description :An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2053 - Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager

CVE ID :CVE-2026-2053
Published : June 26, 2026, 7:26 a.m. | 1 hour, 24 minutes ago
Description :The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests. Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1869 - User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass

CVE ID :CVE-2026-1869
Published : June 26, 2026, 7:54 a.m. | 56 minutes ago
Description :The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm_payment() function in all versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass payment processing and activate paid memberships.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11625 - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

CVE ID :CVE-2026-11625
Published : June 26, 2026, 8:07 a.m. | 43 minutes ago
Description :Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...