🚨 CVE-2026-57328
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
🎖@cveNotify
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Business Directory Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57330
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
🎖@cveNotify
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress MasterStudy LMS Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57331
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
🎖@cveNotify
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
🎖@cveNotify
Patchstack
Arbitrary File Deletion in WordPress Paid Videochat Turnkey Site Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57332
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
🎖@cveNotify
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Wallet System for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57333
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
🎖@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Link Whisper Free Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57334
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress WP User Frontend Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57337
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
🎖@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Landing Page Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57339
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Business Directory Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57340
Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Japanized For WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-13437
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.
🎖@cveNotify
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.
🎖@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
🚨 CVE-2026-13580
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
lavender-bicycle-a5a on Notion
EDIMAX-EW-7478APC-formQoS | Notion
Overview
🚨 CVE-2026-13581
A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
lavender-bicycle-a5a on Notion
EDIMAX-EW-7478APC-formStaDrvSetup | Notion
Overview
🚨 CVE-2026-13582
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
lavender-bicycle-a5a on Notion
EDIMAX-EW-7478APC-formUSBAccount | Notion
Overview
🚨 CVE-2026-13583
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
lavender-bicycle-a5a on Notion
EDIMAX-EW-7478APC-formUSBFolder | Notion
Overview
🚨 CVE-2026-13587
A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used.
🎖@cveNotify
GitHub
GitHub - seladb/PcapPlusPlus: PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets.…
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most p...
🚨 CVE-2026-13744
Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in the context of the victim user's Snowflake session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges assigned to that session. The fix is available in Snowflake CLI version 3.19. Users must manually upgrade.
🎖@cveNotify
Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in the context of the victim user's Snowflake session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges assigned to that session. The fix is available in Snowflake CLI version 3.19. Users must manually upgrade.
🎖@cveNotify
Snowflake
Snowflake Community
Join our community of data professionals to learn, connect, share and innovate together
🚨 CVE-2026-13746
Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the context of that user's Snowflake session. Successful exploitation is constrained to self-injection because the vulnerable parameters were supplied directly through local CLI arguments rather than through project files, repositories, or other external input sources, and impact is limited to the privileges already available to the current session. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
🎖@cveNotify
Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the context of that user's Snowflake session. Successful exploitation is constrained to self-injection because the vulnerable parameters were supplied directly through local CLI arguments rather than through project files, repositories, or other external input sources, and impact is limited to the privileges already available to the current session. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
🎖@cveNotify
Snowflake
Snowflake Community
Join our community of data professionals to learn, connect, share and innovate together
🚨 CVE-2026-13748
Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary, causing Snowflake CLI to read local files and upload or embed their contents during deployment or SQL template processing. Successful exploitation required the victim to process attacker-controlled project content, and retrieval of exfiltrated data depended on access to the victim's Snowflake account artifacts such as query history or uploaded stage content. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
🎖@cveNotify
Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary, causing Snowflake CLI to read local files and upload or embed their contents during deployment or SQL template processing. Successful exploitation required the victim to process attacker-controlled project content, and retrieval of exfiltrated data depended on access to the victim's Snowflake account artifacts such as query history or uploaded stage content. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
🎖@cveNotify
Snowflake
Snowflake Community
Join our community of data professionals to learn, connect, share and innovate together