[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"landing-cves":3,"landing-articles":196,"landing-trending":198},{"count":4,"next":5,"previous":6,"results":7},353546,"http:\u002F\u002Fweb:8606\u002Fapi\u002Fcves\u002F?page=2&sorted_by=-published",null,[8,40,66,88,108,120,145,158,172,184],{"id":9,"cve_id":10,"summary":11,"published":12,"cvss_data":13,"is_remote":23,"cwes":24,"cpes":26,"technologies":27,"references":28,"score":36,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":39},343050,"CVE-2026-2128","The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2. This is due to improper verification of the `wordpress_logged_in_` cookie in the `inc\u002Fcache\u002Fexecute-cache.php` file when the \"Cache Logged-in Users\" setting is enabled. The plugin parses the username directly from the cookie value (e.g., `username|hash`) using `substr()` to retrieve the corresponding cache file but fails to verify the session's cryptographic signature or validity with WordPress core. 
This makes it possible for unauthenticated attackers to supply a crafted cookie (e.g., `wordpress_logged_in_fake=admin|fake`) to trick the plugin into serving the cached HTML content generated for an administrator, leading to the disclosure of sensitive information such as private posts (including their full content), the Admin Bar, WordPress nonces, and other data visible only to logged-in administrators or other users.","2026-05-29T05:16:00Z",{"cvss_v3.1":14},{"scope":15,"version":16,"baseScore":17,"attackVector":18,"baseSeverity":19,"vectorString":20,"integrityImpact":21,"userInteraction":21,"attackComplexity":22,"availabilityImpact":21,"privilegesRequired":21,"confidentialityImpact":22},"UNCHANGED","3.1",5.3,"NETWORK","MEDIUM","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","NONE","LOW",true,[25],"CWE-200",[],[],[29,30,31,32,33,34,35],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fbreeze\u002Ftags\u002F2.2.24\u002Finc\u002Fcache\u002Fexecute-cache.php#L132","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fbreeze\u002Ftags\u002F2.2.24\u002Finc\u002Fcache\u002Fexecute-cache.php#L140","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fbreeze\u002Ftrunk\u002Finc\u002Fcache\u002Fexecute-cache.php#L140","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset\u002F3456822\u002Fbreeze\u002Ftrunk\u002Finc\u002Fcache\u002Fexecute-cache.php","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbreeze\u002Ftags\u002F2.2.24&new_path=%2Fbreeze\u002Ftags\u002F2.3.0","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbreeze\u002Ftags\u002F2.5.2&new_path=%2Fbreeze\u002Ftags\u002F2.5.3","https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff0b6c41d-833e-4ad4-bdb6-c38fef3eb7f4?source=cve",0.47,0,false,[],{"id":41,"cve_id":42,"summary":43,"published":44,"cvss_data":45,"is_remote":23,"cwes":51,"cpes":53,"technologies":5
4,"references":55,"score":64,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":65},346909,"CVE-2026-7430","The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the `jqueryUiDialog()` method in `WPEditor.php` embeds snippet content directly into JavaScript string literals without escaping double quotes (the quote-escaping code on line 214 is commented out). When snippets are imported via the Import\u002FExport feature, the content bypasses WordPress's `wp_magic_quotes()` (which would otherwise add protective backslashes), allowing double quotes in snippet content to break out of the JavaScript string context. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts via a malicious import file that execute whenever any administrator accesses a post editor page. 
Please note that this does not affect single-site installations as administrators already have the `unfiltered_html` capability.","2026-05-29T04:17:00Z",{"cvss_v3.1":46},{"scope":47,"version":16,"baseScore":48,"attackVector":18,"baseSeverity":19,"vectorString":49,"integrityImpact":22,"userInteraction":21,"attackComplexity":50,"availabilityImpact":21,"privilegesRequired":50,"confidentialityImpact":22},"CHANGED",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","HIGH",[52],"CWE-79",[],[],[56,57,58,59,60,61,62,63],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpost-snippets\u002Ftags\u002F4.0.19\u002Fsrc\u002FPostSnippets\u002FDBTable.php#L114","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpost-snippets\u002Ftags\u002F4.0.19\u002Fsrc\u002FPostSnippets\u002FWPEditor.php#L218","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpost-snippets\u002Ftags\u002F4.1.1\u002Fsrc\u002FPostSnippets\u002FWPEditor.php#L20","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpost-snippets\u002Ftags\u002F4.1.1\u002Fsrc\u002FPostSnippets\u002FWPEditor.php#L221","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpost-snippets\u002Ftags\u002F4.1.1\u002Fsrc\u002FPostSnippets\u002FWPEditor.php#L227","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpost-snippets\u002Ftrunk\u002Fsrc\u002FPostSnippets\u002FDBTable.php#L114","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpost-snippets\u002Ftrunk\u002Fsrc\u002FPostSnippets\u002FWPEditor.php#L218","https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F59dc2448-491c-478f-a784-c727057b126b?source=cve",0.42,[],{"id":67,"cve_id":68,"summary":69,"published":44,"cvss_data":70,"is_remote":23,"cwes":74,"cpes":75,"technologies":76,"references":77,"score":64,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":87},335223,"CVE-2
026-8995","The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays_poll_get_user_information' AJAX action, which serializes and returns the complete WP_User object — including the user_pass (bcrypt password hash), user_email, user_login, user_registered, roles, and all capabilities — without any nonce verification or capability check beyond is_user_logged_in(). This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive account data including their own password hash, which WordPress does not expose through any of its standard interfaces and which can be leveraged for offline password-cracking attacks.",{"cvss_v3.1":71},{"scope":15,"version":16,"baseScore":72,"attackVector":18,"baseSeverity":19,"vectorString":73,"integrityImpact":21,"userInteraction":21,"attackComplexity":22,"availabilityImpact":21,"privilegesRequired":22,"confidentialityImpact":22},4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N",[25],[],[],[78,79,80,81,82,83,84,85,86],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpoll-maker\u002Ftags\u002F6.2.7\u002Fincludes\u002Fclass-poll-maker-ays.php#L318","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpoll-maker\u002Ftags\u002F6.2.7\u002Fpublic\u002Fclass-poll-maker-ays-public.php#L2960","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpoll-maker\u002Ftags\u002F6.2.7\u002Fpublic\u002Fclass-poll-maker-ays-public.php#L2967","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpoll-maker\u002Ftags\u002F6.3.7\u002Fincludes\u002Fclass-poll-maker-ays.php#L318","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpoll-maker\u002Ftags\u002F6.3.7\u002Fpublic\u002Fclass-poll-maker-ays-public.php#L2960","https:\u002F\u002Fplugins.trac.wordpr
ess.org\u002Fbrowser\u002Fpoll-maker\u002Ftags\u002F6.3.7\u002Fpublic\u002Fclass-poll-maker-ays-public.php#L2967","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpoll-maker\u002Ftags\u002F6.3.8\u002Fincludes\u002Fclass-poll-maker-ays.php#L318","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpoll-maker\u002Ftags\u002F6.3.8\u002Fpublic\u002Fclass-poll-maker-ays-public.php#L2959","https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5d1ff79e-5246-422a-ae75-20763e7acd17?source=cve",[],{"id":89,"cve_id":90,"summary":91,"published":92,"cvss_data":93,"is_remote":38,"cwes":100,"cpes":102,"technologies":103,"references":104,"score":106,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":107},335554,"CVE-2026-8070","Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more 
information.","2026-05-29T02:16:00Z",{"cvss_v4.0":94},{"Safety":95,"version":96,"Recovery":95,"baseScore":97,"Automatable":95,"attackVector":98,"baseSeverity":50,"valueDensity":95,"vectorString":99,"exploitMaturity":95,"providerUrgency":95,"userInteraction":21,"attackComplexity":50,"attackRequirements":21,"privilegesRequired":22,"subIntegrityImpact":21,"vulnIntegrityImpact":50,"integrityRequirement":95,"modifiedAttackVector":95,"subAvailabilityImpact":21,"vulnAvailabilityImpact":50,"availabilityRequirement":95,"modifiedUserInteraction":95,"modifiedAttackComplexity":95,"subConfidentialityImpact":21,"vulnConfidentialityImpact":50,"confidentialityRequirement":95,"modifiedAttackRequirements":95,"modifiedPrivilegesRequired":95,"modifiedSubIntegrityImpact":95,"modifiedVulnIntegrityImpact":95,"vulnerabilityResponseEffort":95,"modifiedSubAvailabilityImpact":95,"modifiedVulnAvailabilityImpact":95,"modifiedSubConfidentialityImpact":95,"modifiedVulnConfidentialityImpact":95},"NOT_DEFINED","4.0",7.3,"LOCAL","CVSS:4.0\u002FAV:L\u002FAC:H\u002FAT:N\u002FPR:L\u002FUI:N\u002FVC:H\u002FVI:H\u002FVA:H\u002FSC:N\u002FSI:N\u002FSA:N\u002FE:X\u002FCR:X\u002FIR:X\u002FAR:X\u002FMAV:X\u002FMAC:X\u002FMAT:X\u002FMPR:X\u002FMUI:X\u002FMVC:X\u002FMVI:X\u002FMVA:X\u002FMSC:X\u002FMSI:X\u002FMSA:X\u002FS:X\u002FAU:X\u002FR:X\u002FV:X\u002FRE:X\u002FU:X",[101],"CWE-732",[],[],[105],"https:\u002F\u002Fwww.asus.com\u002Fsecurity-advisory",0.36,[],{"id":109,"cve_id":110,"summary":111,"published":92,"cvss_data":112,"is_remote":38,"cwes":114,"cpes":115,"technologies":116,"references":117,"score":106,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":119},347690,"CVE-2026-7480","An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypasses the validation mechanism.\nRefer to the 'Security 
Update for ASUS System Control Interface' section on the ASUS Security Advisory for more information.",{"cvss_v4.0":113},{"Safety":95,"version":96,"Recovery":95,"baseScore":97,"Automatable":95,"attackVector":98,"baseSeverity":50,"valueDensity":95,"vectorString":99,"exploitMaturity":95,"providerUrgency":95,"userInteraction":21,"attackComplexity":50,"attackRequirements":21,"privilegesRequired":22,"subIntegrityImpact":21,"vulnIntegrityImpact":50,"integrityRequirement":95,"modifiedAttackVector":95,"subAvailabilityImpact":21,"vulnAvailabilityImpact":50,"availabilityRequirement":95,"modifiedUserInteraction":95,"modifiedAttackComplexity":95,"subConfidentialityImpact":21,"vulnConfidentialityImpact":50,"confidentialityRequirement":95,"modifiedAttackRequirements":95,"modifiedPrivilegesRequired":95,"modifiedSubIntegrityImpact":95,"modifiedVulnIntegrityImpact":95,"vulnerabilityResponseEffort":95,"modifiedSubAvailabilityImpact":95,"modifiedVulnAvailabilityImpact":95,"modifiedSubConfidentialityImpact":95,"modifiedVulnConfidentialityImpact":95},[101],[],[],[118],"https:\u002F\u002Fwww.asus.com\u002Fsecurity-advisory\u002F",[],{"id":121,"cve_id":122,"summary":123,"published":124,"cvss_data":125,"is_remote":38,"cwes":134,"cpes":136,"technologies":137,"references":138,"score":143,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":144},350492,"CVE-2026-6891","Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have 
authorization.","2026-05-29T00:16:00Z",{"cvss_v3.1":126,"cvss_v4.0":130},{"scope":15,"version":16,"baseScore":127,"attackVector":98,"baseSeverity":19,"vectorString":128,"integrityImpact":50,"userInteraction":129,"attackComplexity":22,"availabilityImpact":21,"privilegesRequired":22,"confidentialityImpact":21},5,"CVSS:3.1\u002FAV:L\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:U\u002FC:N\u002FI:H\u002FA:N","REQUIRED",{"Safety":95,"version":96,"Recovery":95,"baseScore":131,"Automatable":95,"attackVector":98,"baseSeverity":19,"valueDensity":95,"vectorString":132,"exploitMaturity":95,"providerUrgency":95,"userInteraction":133,"attackComplexity":22,"attackRequirements":21,"privilegesRequired":22,"subIntegrityImpact":21,"vulnIntegrityImpact":50,"integrityRequirement":95,"modifiedAttackVector":95,"subAvailabilityImpact":21,"vulnAvailabilityImpact":21,"availabilityRequirement":95,"modifiedUserInteraction":95,"modifiedAttackComplexity":95,"subConfidentialityImpact":21,"vulnConfidentialityImpact":21,"confidentialityRequirement":95,"modifiedAttackRequirements":95,"modifiedPrivilegesRequired":95,"modifiedSubIntegrityImpact":95,"modifiedVulnIntegrityImpact":95,"vulnerabilityResponseEffort":95,"modifiedSubAvailabilityImpact":95,"modifiedVulnAvailabilityImpact":95,"modifiedSubConfidentialityImpact":95,"modifiedVulnConfidentialityImpact":95},5.1,"CVSS:4.0\u002FAV:L\u002FAC:L\u002FAT:N\u002FPR:L\u002FUI:P\u002FVC:N\u002FVI:H\u002FVA:N\u002FSC:N\u002FSI:N\u002FSA:N\u002FE:X\u002FCR:X\u002FIR:X\u002FAR:X\u002FMAV:X\u002FMAC:X\u002FMAT:X\u002FMPR:X\u002FMUI:X\u002FMVC:X\u002FMVI:X\u002FMVA:X\u002FMSC:X\u002FMSI:X\u002FMSA:X\u002FS:X\u002FAU:X\u002FR:X\u002FV:X\u002FRE:X\u002FU:X","PASSIVE",[135],"CWE-59",[],[],[139,140,141,142],"https:\u002F\u002Fcanon.jp\u002Fsupport\u002Fsupport-info\u002F260528-2vulnerability-response","https:\u002F\u002Fpsirt.canon\u002Fadvisory-information\u002Fcp2026-004\u002F","https:\u002F\u002Fwww.canon-europe.com\u002Fsupport\u002Fproduct-security\u002F","https:\u002F\
u002Fwww.usa.canon.com\u002Fsupport\u002Fcanon-product-advisories\u002FCPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS",0.26,[],{"id":146,"cve_id":147,"summary":148,"published":124,"cvss_data":149,"is_remote":38,"cwes":152,"cpes":153,"technologies":154,"references":155,"score":143,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":157},350005,"CVE-2026-6892","Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. \n\n*:Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan)\n\nCanon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe)",{"cvss_v3.1":150,"cvss_v4.0":151},{"scope":15,"version":16,"baseScore":127,"attackVector":98,"baseSeverity":19,"vectorString":128,"integrityImpact":50,"userInteraction":129,"attackComplexity":22,"availabilityImpact":21,"privilegesRequired":22,"confidentialityImpact":21},{"Safety":95,"version":96,"Recovery":95,"baseScore":131,"Automatable":95,"attackVector":98,"baseSeverity":19,"valueDensity":95,"vectorString":132,"exploitMaturity":95,"providerUrgency":95,"userInteraction":133,"attackComplexity":22,"attackRequirements":21,"privilegesRequired":22,"subIntegrityImpact":21,"vulnIntegrityImpact":50,"integrityRequirement":95,"modifiedAttackVector":95,"subAvailabilityImpact":21,"vulnAvailabilityImpact":21,"availabilityRequirement":95,"modifiedUserInteraction":95,"modifiedAttackComplexity":95,"subConfidentialityImpact":21,"vulnConfidentialityImpact":21,"confidentialityRequirement":95,"modifiedAttackRequirements":95,"modifiedPrivilegesRequired":95,"modifiedSubIntegrityImpact":95,"modifiedVulnIntegrityImpact"
:95,"vulnerabilityResponseEffort":95,"modifiedSubAvailabilityImpact":95,"modifiedVulnAvailabilityImpact":95,"modifiedSubConfidentialityImpact":95,"modifiedVulnConfidentialityImpact":95},[135],[],[],[156,140,141,142],"https:\u002F\u002Fcanon.jp\u002Fsupport\u002Fsupport-info\u002F260528-1vulnerability-response",[],{"id":159,"cve_id":160,"summary":161,"published":162,"cvss_data":163,"is_remote":38,"cwes":164,"cpes":166,"technologies":167,"references":168,"score":37,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":171},335107,"CVE-2026-9907","Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","2026-05-28T23:16:00Z",{},[165],"CWE-125",[],[],[169,170],"https:\u002F\u002Fchromereleases.googleblog.com\u002F2026\u002F05\u002Fstable-channel-update-for-desktop_0877304591.html","https:\u002F\u002Fissues.chromium.org\u002Fissues\u002F499091269",[],{"id":173,"cve_id":174,"summary":175,"published":162,"cvss_data":176,"is_remote":38,"cwes":177,"cpes":179,"technologies":180,"references":181,"score":37,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":183},334989,"CVE-2026-9931","Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)",{},[178],"CWE-416",[],[],[169,182],"https:\u002F\u002Fissues.chromium.org\u002Fissues\u002F501524262",[],{"id":185,"cve_id":186,"summary":187,"published":162,"cvss_data":188,"is_remote":38,"cwes":189,"cpes":191,"technologies":192,"references":193,"score":37,"epss_score":37,"epss_percentile":37,"is_kev":38,"cisa_kev_date_added":6,"cisa_kev_due_date":6,"exploits":195},333471,"CVE-2026-9998","Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",{},[190],"CWE-472",[],[],[169,194],"https:\u002F\u002Fissues.chromium.org\u002Fissues\u002F513337118",[],{"count":37,"next":6,"previous":6,"results":197},[],{"count":199,"next":200,"previous":6,"results":201},72,"http:\u002F\u002Fweb:8606\u002Fapi\u002Ftrending_attacks\u002F?page=2&sorted_by=-published_at",[202,210,218,224,231,237,245,253,261,269],{"id":203,"title":204,"summary":205,"published_at":206,"severity":207,"vendor":208,"products":209},1,"SQL injection in Roundcube","Roundcube is an open-source webmail application that allows users to access and manage email through a web browser.\r\n\r\nCVE-2026-48842 is a pre-authentication SQL injection vulnerability affecting Roundcube Webmail versions before 1.6.16 and 1.7.1. The flaw exists in the virtuser_query plugin and can be exploited remotely without authentication through a preg_replace() backslash escape bypass, potentially allowing attackers to manipulate database queries and compromise sensitive information.","2026-05-29T07:49:59.620563Z",3,"Roundcube",[208],{"id":211,"title":212,"summary":213,"published_at":214,"severity":215,"vendor":216,"products":217},2,"Privilege escalation in Joomla","Joomla is a free and open-source content management system (CMS) used to build and manage websites, portals, and web applications. 
It provides a flexible framework with extensions, templates, and user management features, making it popular for both small websites and large enterprise platforms.\r\n\r\nCVE-2026-48904 is a privilege escalation vulnerability affecting Joomla CMS due to an improper access control check in the com_users webservice endpoint. An attacker could exploit this flaw remotely to modify user group permissions and gain elevated privileges, potentially leading to unauthorized administrative access. The vulnerability affects Joomla versions 4.0.0–5.4.5 and 6.0.0–6.1.0 and was fixed in versions 5.4.6 and 6.1.1.","2026-05-29T07:47:03.760767Z",4,"Joomla",[216],{"id":207,"title":219,"summary":220,"published_at":221,"severity":211,"vendor":222,"products":223},"Unauthorized access to container images in Gitea","Gitea is an open-source, self-hosted Git service platform designed for software development and version control. It provides features similar to GitHub or GitLab, including repository management, issue tracking, pull requests, CI\u002FCD integrations, and team collaboration.\r\n\r\nCVE-2026-27771 is a security vulnerability affecting Gitea versions prior to 1.26.2 that allowed unauthenticated users to access private container images without valid credentials. The flaw was caused by improper permission checks in the container registry component, potentially exposing sensitive internal images across thousands of internet-facing deployments.","2026-05-27T12:07:45.656936Z","Gitea",[222],{"id":215,"title":225,"summary":226,"published_at":227,"severity":207,"vendor":228,"products":229},"Multiple vulnerabilities in Microsoft Sharepoint","Microsoft SharePoint is a web-based collaboration and document management platform developed by Microsoft. 
It is commonly used by organizations to store, share, and manage documents, automate workflows, and improve team collaboration across departments.\r\n\r\nCVE-2026-32201 is a spoofing vulnerability affecting Microsoft SharePoint Server caused by improper input validation. An unauthenticated attacker could exploit this flaw over a network to impersonate trusted entities or manipulate how SharePoint handles requests. Microsoft classified the issue as important, and reports indicated that it was actively exploited in the wild shortly after disclosure.\r\n\r\nCVE-2026-45659 is a high-severity remote code execution vulnerability in Microsoft SharePoint related to unsafe deserialization of untrusted data. An authenticated attacker with low privileges could exploit the flaw remotely without user interaction, potentially gaining full control over the affected SharePoint server. Security advisories strongly recommend applying Microsoft patches as soon as possible due to the critical impact of the vulnerability.","2026-05-27T08:28:34.715664Z","Microsoft",[230],"Sharepoint",{"id":127,"title":232,"summary":233,"published_at":234,"severity":215,"vendor":228,"products":235},"Remote Code Execution in Microsoft Windows DNS","Microsoft Windows DNS is the DNS client service used by Windows systems to resolve domain names and communicate with DNS servers.\r\nCVE-2026-41096 is a critical heap-based buffer overflow vulnerability in the Windows DNS Client that allows unauthenticated remote code execution via specially crafted DNS responses.\r\nAn attacker controlling or intercepting DNS traffic could trigger memory corruption and execute arbitrary code remotely on vulnerable Windows machines.","2026-05-26T12:15:17.186896Z",[236],"Windows DNS",{"id":238,"title":239,"summary":240,"published_at":241,"severity":207,"vendor":242,"products":243},6,"Remote Code Execution in extension \"Content Element Selector\" on TYPO3 server","The extension passes an attacker-controlled cookie directly to 
PHP's unserialize() without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation requires the content element to be configured with \"Persistent Mode: Static\" in the plugin settings.","2026-05-25T16:40:32.703006Z","TYPO3",[244],"Extension \"Content Element Selector\"",{"id":246,"title":247,"summary":248,"published_at":249,"severity":215,"vendor":250,"products":251},7,"Unauthorized API Access in Cisco Secure Workload","A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.\r\n\r\nThis vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.","2026-05-22T15:53:55.690058Z","Cisco",[252],"Cisco Secure Workload",{"id":254,"title":255,"summary":256,"published_at":257,"severity":215,"vendor":258,"products":259},8,"Path Traversal in the UniFi Network Application","A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.\r\nRemediation: Update UniFi Network Application to the patched version listed in Ubiquiti Security Advisory Bulletin 062. Access to the management port (8443\u002FTCP) should be restricted to VPN or a bastion host and must never be exposed directly to the internet. 
Additionally, MFA should be enabled on all UniFi controller accounts.","2026-05-22T15:49:16.823838Z","Ubiquiti Inc",[260],"UniFi Network Application",{"id":262,"title":263,"summary":264,"published_at":265,"severity":207,"vendor":266,"products":267},9,"SQL Injection in Drupal Core","Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks. This vulnerability can be exploited by anonymous users.\r\n\r\nAffected versions: \r\n>= 8.9.0 \u003C 10.4.10 || >= 10.5.0 \u003C 10.5.10 || >= 10.6.0 \u003C 10.6.9 || >= 11.0.0 \u003C 11.1.10 || >= 11.2.0 \u003C 11.2.12 || >= 11.3.0 \u003C 11.3.10\r\n\r\nThis SQL injection vulnerability only affects sites using PostgreSQL. However, the third-party dependency updates in these releases apply to all sites.","2026-05-22T12:55:49.679012Z","",[268],"Drupal",{"id":270,"title":271,"summary":272,"published_at":273,"severity":207,"vendor":266,"products":274},10,"Pre-authentication Code Injection in version 1.0.0 or later of ChromaDB Python","A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the \u002Fapi\u002Fv2\u002Ftenants\u002F{tenant}\u002Fdatabases\u002F{db}\u002Fcollections endpoint.","2026-05-20T09:00:17.594757Z",[275],"ChromaDB"]