CVE-2026-56069
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress Toolset Forms Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
CVE-2026-57315
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
Patchstack
Remote Code Execution (RCE) in WordPress Blocksy Companion Pro Plugin
CVE-2026-57322
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress weMail Plugin
CVE-2026-57617
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress SeedProd Pro Plugin
CVE-2026-57630
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.
Patchstack
Insecure Direct Object References (IDOR) in WordPress Blocksy Companion Pro Plugin
CVE-2026-57655
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Child Theme Wizard Plugin
CVE-2026-57661
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
Patchstack
Broken Access Control in WordPress WPComplete Plugin
CVE-2024-23581
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application.
CVE-2026-38639
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.
GitHub
pocs/redox/CVE-2026-38639 at master · Marsman1996/pocs
to show pocs found. Contribute to Marsman1996/pocs development by creating an account on GitHub.
CVE-2026-38641
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
GitHub
pocs/redox/CVE-2026-38641 at master · Marsman1996/pocs
CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.
GitHub
GitHub - user6400/cve-2026-39031-lansweeper-lsrunase2-lsencrypt2: CVE-2026-39031: offline plaintext password recovery for Lansweeper…
CVE-2026-39031: offline plaintext password recovery for Lansweeper lsrunase 2.0 / lsencrypt 2.0 via a hardcoded RC4 key. PoC + technical advisory. - user6400/cve-2026-39031-lansweeper-lsrunase2-ls...
CVE-2026-46604
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
CVE-2026-46710
Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writable custom installation directory, and a privileged user later runs the installer and selects that directory, the attacker-controlled executable is launched with the elevated privileges of the installer. This vulnerability is fixed in 8.9.6.
GitHub
Installer enhancement: file path from registry instead of hard-coding · notepad-plus-plus/notepad-plus-plus@1d4aabe
Notepad++ official repository. Contribute to notepad-plus-plus/notepad-plus-plus development by creating an account on GitHub.
CVE-2026-48770
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WM_COPYDATA message to Notepad++ using the COPYDATA_FULL_CMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* instead of enforcing COPYDATASTRUCT.cbData. This vulnerability is fixed in 8.9.6.1.
GitHub
Fix badly formed COPYDATASTRUCT that makes Notepad++ crash (CVE-2026-48770) · notepad-plus-plus/notepad-plus-plus@f20a088
Fix https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-r39g-3mcw-xcg2
CVE-2026-48778
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDM_FILE_OPEN_CMD (File → Open Containing Folder → cmd), NppCommands.cpp:228 creates a Command object with this value and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. This vulnerability is fixed in 8.9.6.1.
GitHub
Fix arbitrary code execution vulnerability via config.xml (CVE-2026-48778) · notepad-plus-plus/notepad-plus-plus@24c7b5c
* Remove "commandLineInterpreter" configuration.
* Add "Open Containing Folder in PowerShell" command.
* Use trusted system path for both cmd & p...
CVE-2026-48800
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:3658) in the feedUserCmds() function and stored in UserCommand._cmd without any validation. When the user clicks the corresponding entry in the Run menu, NppCommands.cpp:4264 creates a Command object with string2wstring(ucmd.getCmd()) and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. The injected command appears as a normal menu item in the Run menu, making it a viable persistence mechanism. This vulnerability is fixed in 8.9.6.1.
GitHub
Fix arbitrary code execution vulnerability via shortcuts.xml (CVE-2026-48778) · notepad-plus-plus/notepad-plus-plus@6b3dc52
Add 5 security alert/error dialogs to prevent arbitrary code execution.
Fix https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-3x3f-3j39-pj3v
CVE-2026-50132
Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth required) that performs a permanent, state-changing operation: it binds an external chat identity (Slack/Discord/MS Teams) to an authenticated Budibase user account, with no consent UI and no CSRF protection. The session token in the URL is created by the attacker (from their own /link slash command) and embeds the attacker's externalUserId. When an authenticated Budibase victim visits the URL, their account is silently and permanently linked to the attacker's Slack/Discord identity. The server responds with "Authentication succeeded." and gives no indication of what was linked. This vulnerability is fixed in 3.39.0.
GitHub
Chat Identity Link Hijacking via Missing Consent & CSRF: Account Impersonation in Budibase
## Title
**Chat Identity Link Hijacking: Attacker Can Silently Map Their Slack/Discord Identity to Any Authenticated Budibase User's Account**
## Severity
**High** (CVSS 3.1: AV:N/AC...)
CVE-2026-50136
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builder access. A public caller who knows a workspace ID and S3 datasource ID can request a signed upload URL for attacker-controlled bucket and key values. This vulnerability is fixed in 3.39.3.
GitHub
Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
The application server exposes an unauthenticated endpoint that generates S3 `PutObject` presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recapt...