๐จ CVE-2026-54370
acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat() check and subsequent symlink-following operations such as stat(), chown(), chmod(), acl_get_file(), and acl_set_file(). Attackers who control a pathname component can redirect file access control list operations to arbitrary files when getfacl, setfacl, or chacl is invoked by a privileged process over an attacker-controlled path, resulting in local privilege escalation.
๐@cveNotify
acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat() check and subsequent symlink-following operations such as stat(), chown(), chmod(), acl_get_file(), and acl_set_file(). Attackers who control a pathname component can redirect file access control list operations to arbitrary files when getfacl, setfacl, or chacl is invoked by a privileged process over an attacker-controlled path, resulting in local privilege escalation.
๐@cveNotify
๐จ CVE-2026-13571
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published and may be used.
๐@cveNotify
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lead to business logic errors. The attack may be performed from remote. The exploit has been published and may be used.
๐@cveNotify
GitHub
Simple-Food-Ordering-System/Simple-Food-Ordering-System-Price-Manipulation.md at main ยท ogh-bnz/Simple-Food-Ordering-System
Contribute to ogh-bnz/Simple-Food-Ordering-System development by creating an account on GitHub.
๐จ CVE-2026-13573
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
GitHub - llvm/llvm-project: The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
The LLVM Project is a collection of modular and reusable compiler and toolchain technologies. - llvm/llvm-project
๐จ CVE-2026-13578
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
๐@cveNotify
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
๐@cveNotify
GitHub
itsourcecode Hospital Management System V1.0 SQL Injection Vulnerability ยท Issue #20 ยท ltranquility/submit
itsourcecode Hospital Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Hospital Management System Vendor Homepage https://itsourcecode.com/free-projects/php-project/ho...
๐จ CVE-2026-13579
A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
๐@cveNotify
A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
๐@cveNotify
GitHub
itsourcecode Hospital Management System V1.0 SQL Injection Vulnerability ยท Issue #21 ยท ltranquility/cve_submit
itsourcecode Hospital Management System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Hospital Management System Vendor Homepage https://itsourcecode.com/free-projects/php-project/ho...
๐จ CVE-2026-46406
Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128.
๐@cveNotify
Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128.
๐@cveNotify
GitHub
Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write
The Claude Code `/copy` command wrote responses to a hardcoded, predictable path (`/tmp/claude/response.md`) without UID isolation, randomness, or symlink protection. The file was created world-rea...
๐จ CVE-2026-49049
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
๐@cveNotify
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
๐@cveNotify
JoomShaper
Responsive Joomla 6 Templates & Free Joomla Extensions - JoomShaper
JoomShaper is a premium Joomla templates club with more than 150+ premium responsive Joomla templates and extensions.
๐จ CVE-2026-55607
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such as .zshenv), leading to code execution outside of seatbelt sandbox restrictions. Reliably exploiting this required the user to clone a malicious repository containing prompt injection content and run Claude Code against it. This vulnerability is fixed in 2.1.163.
๐@cveNotify
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such as .zshenv), leading to code execution outside of seatbelt sandbox restrictions. Reliably exploiting this required the user to clone a malicious repository containing prompt injection content and run Claude Code against it. This vulnerability is fixed in 2.1.163.
๐@cveNotify
GitHub
Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution
Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploi...
๐จ CVE-2026-56124
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.
๐@cveNotify
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.
๐@cveNotify
GitHub
Fix uploaded metadata disclosure ยท shimosyan/phpUploader@45dc4f1
Limit public file list data to display-safe columns, strengthen inline JSON escaping, and bump release version to 2.0.2.
๐จ CVE-2026-57320
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress BEAR Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57326
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Business Directory Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57328
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
๐@cveNotify
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Business Directory Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57330
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
๐@cveNotify
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress MasterStudy LMS Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57331
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
๐@cveNotify
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
๐@cveNotify
Patchstack
Arbitrary File Deletion in WordPress Paid Videochat Turnkey Site Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57332
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
๐@cveNotify
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Wallet System for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57333
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Link Whisper Free Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57334
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
๐@cveNotify
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress WP User Frontend Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57336
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Jobify Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57337
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Landing Page Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57338
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
๐@cveNotify
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress ARForms Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.