CVE tracker
356 subscribers
4.8K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2026-15070 - Salon Booking System <= 10.30.32 - Cross-Site Request Forgery to Remote Code Execution via 'value' Parameter

CVE ID :CVE-2026-15070
Published : July 10, 2026, 3:31 a.m. | 47 minutes ago
Description :The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into the web-accessible translate-constants.php file within the plugin directory, enabling remote code execution on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. sanitize_text_field() is applied to the POST 'value' parameter but does not neutralize the characters — single quotes, parentheses, semicolons, $, and [] — required to break out of the PHP string literal into which the value is interpolated before being written to disk via file_put_contents().
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-13430 - Post Export Import with Media <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload via Trailing-Dot Filename Bypass in ZIP Media Import

CVE ID :CVE-2026-13430
Published : July 10, 2026, 3:31 a.m. | 47 minutes ago
Description :The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the import_media_file_secure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass, where the extension allow-list check in ajax_import_media_start() uses pathinfo() on the raw ZIP entry name (e.g., 'shell.php.'), which returns an empty string for the extension, causing the allow-list guard to be skipped and the file to be extracted to a temporary location, after which import_media_file_secure() copies it into the WordPress uploads directory without re-validating the extension. This makes it possible for authenticated attackers, with administrator-level access and above, to upload files that may be executable, which makes remote code execution possible.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11392 - WP Hotel Booking <= 2.3.1 - Reflected Cross-Site Scripting via 'check_in_date' and 'check_out_date' Parameters

CVE ID :CVE-2026-11392
Published : July 10, 2026, 3:31 a.m. | 47 minutes ago
Description :The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' and 'check_out_date' parameters in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11818 - WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API

CVE ID :CVE-2026-11818
Published : July 10, 2026, 3:31 a.m. | 47 minutes ago
Description :The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to list, create, update, delete, clone, and bulk-delete notification flow workflows that are intended to be managed only by administrators. The only protection on these endpoints is a wp_rest nonce check, which is obtainable by any logged-in user from the frontend page source.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21044 - Samsung KnoxGuardManager Improper Authorization Vulnerability

CVE ID :CVE-2026-21044
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21045 - Quram libimagecodec Out-of-Bounds Write

CVE ID :CVE-2026-21045
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21046 - FabricKeymaster Trustlet Time-of-Check Time-of-Use Race Condition

CVE ID :CVE-2026-21046
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21048 - libimagecodec Out-of-Bounds Write

CVE ID :CVE-2026-21048
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21049 - libpadm Out-of-bounds Write Vulnerability

CVE ID :CVE-2026-21049
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21050 - SmartThingsKit Improper Access Control Vulnerability

CVE ID :CVE-2026-21050
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21051 - Tencent WLAN Security Incorrect Default Permissions Vulnerability

CVE ID :CVE-2026-21051
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21052 - SemClipboardService Path Traversal Vulnerability

CVE ID :CVE-2026-21052
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21053 - Samsung Email Improper Input Validation Arbitrary File Creation

CVE ID :CVE-2026-21053
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21054 - InputSharing Improper Component Export Vulnerability

CVE ID :CVE-2026-21054
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21055 - Samsung Bixby Improper Component Export Vulnerability

CVE ID :CVE-2026-21055
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21056 - Samsung Health Improper Authorization Vulnerability

CVE ID :CVE-2026-21056
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21057 - Samsung Pass Out-of-Bounds Memory Write Vulnerability

CVE ID :CVE-2026-21057
Published : July 10, 2026, 5:16 a.m. | 3 hours, 3 minutes ago
Description :Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-13347 - Hide My WP Lite <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'he_wrapper_js' Parameter

CVE ID :CVE-2026-13347
Published : July 10, 2026, 6:51 a.m. | 1 hour, 28 minutes ago
Description :The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and he_wrapper_css query parameters processed by the elementor_assets_filter() function. This is due to the function concatenating user-supplied input directly onto ABSPATH and passing the result to file_get_contents() without any path traversal validation, allow-list, realpath containment, or extension check; the result is then echoed in the HTTP response. Although the output is passed through wp_kses_post(), that function only filters HTML tags and does not prevent disclosure of arbitrary file contents. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the affected site's server (such as wp-config). Note: The exploit requires the Elementor plugin and the 'Hide Elementor' feature to be enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28564 - Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials

CVE ID :CVE-2026-28564
Published : July 10, 2026, 7:08 a.m. | 1 hour, 11 minutes ago
Description :Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40005 - Apache IoTDB: Path Traversal in Pipe File Transfer Receiver

CVE ID :CVE-2026-40005
Published : July 10, 2026, 7:09 a.m. | 1 hour, 9 minutes ago
Description :Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...