Search Results (9529 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13544 1 Feehi 1 Cms 2026-06-29 6.3 Medium
A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-22078 1 Oppo 1 O+ Connect 2026-06-29 7.3 High
Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.
CVE-2026-12415 2 Pravel, Wordpress 2 Invoice Generator, Wordpress 2026-06-29 9.8 Critical
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account, accepts an attacker-controlled user_id and user_email from POST data, and calls wp_update_user() without verifying authentication, ownership, or a nonce. This makes it possible for unauthenticated attackers to change the email address of any user, including administrators, and then trigger WordPress's password reset flow to gain access to the targeted account.
CVE-2026-45259 1 Freebsd 1 Freebsd 2026-06-29 6.5 Medium
sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction. A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP. This could be any process running as the same user, or any process, for a superuser sandboxed process.
CVE-2026-49413 1 Freebsd 1 Freebsd 2026-06-29 7.1 High
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary.
CVE-2026-58054 1 Mybb 1 Mybb 2026-06-29 7.2 High
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-management permission can assign the Administrators group to an account and escalate to the full Administrator permission set.
CVE-2026-13511 1 Voltagent 1 Voltagent 2026-06-29 3.1 Low
A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
CVE-2026-13568 1 Sourcecodester 1 Inventory Management System 2026-06-29 7.3 High
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVE-2026-22069 1 Oppo 1 O+ Connect 2026-06-29 7.3 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-53200 1 Linux 1 Linux Kernel 2026-06-28 8.8 High
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX XN has already been extracted from its bitfield position so using FIELD_PREP() on the mask that clears XN[0] is completely broken, having the effect of unconditionally granting execute permissions... Fix the obvious mistake by manipulating the right bit.
CVE-2026-53075 1 Linux 1 Linux Kernel 2026-06-28 8.8 High
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAP_NET_ADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file->f_cred->user_ns, while unattached administrative ioctls operate on current->nsproxy->net_ns. As a result, a local unprivileged user can create a new user namespace with CLONE_NEWUSER, gain CAP_NET_ADMIN only in that new user namespace, and still issue PPPIOCNEWUNIT, PPPIOCATTACH, or PPPIOCATTCHAN against an inherited network namespace. Require CAP_NET_ADMIN in the user namespace that owns the target network namespace before handling unattached PPP administrative ioctls. This preserves normal pppd operation in the network namespace it is actually privileged in, while rejecting the userns-only inherited-netns case.
CVE-2026-56010 2 Tychesoftwares, Wordpress 2 Abandoned Cart Pro For Woocommerce, Wordpress 2026-06-26 8.8 High
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
CVE-2026-45256 1 Freebsd 1 Freebsd 2026-06-26 5.5 Medium
When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to the caller, but by then the signal had already been delivered. The missing check allows an unprivileged local user who knows or can guess a target's process and thread IDs to send any signal to a process they would not normally be permitted to signal, including processes owned by other users or by root. The same check enforces jail boundaries, so a jailed process can signal processes on the host or in other jails. Thread IDs are allocated globally and sequentially, and so can be discovered by brute force with no visibility into the target. An attacker can stop or terminate arbitrary processes, including critical system daemons, resulting in a Denial of Service (DoS).
CVE-2026-53249 1 Linux 1 Linux Kernel 2026-06-26 7.0 High
In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options This patch restricts setting Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options to users with CAP_NET_RAW capability. This prevents unprivileged applications from forcing packets to route through attacker-controlled nodes to leak TCP ISN and possibly other protocol information. While LSRR and SSRR are commonly filtered in many network environments, they may still be supported and forwarded along some network paths. RFC 7126 (Recommendations on Filtering of IPv4 Packets Containing IPv4 Options) recommend to drop these options in 4.3 and 4.4.
CVE-2026-53168 1 Linux 1 Linux Kernel 2026-06-26 7.0 High
In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CACHE_DIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuse_parse_cache() will hit WARN_ON() if the cache contains bogus data. Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on anything other than regular files with -EINVAL.
CVE-2026-36213 1 Microvirt 1 Memu Android Emulator 2026-06-26 7.8 High
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
CVE-2026-39470 2 Brainstorm Force, Wordpress 2 Woocommerce Cart Abandonment Recovery, Wordpress 2026-06-26 7.2 High
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
CVE-2024-38487 1 Dell 1 Emc Vxrail Appliance 2026-06-26 7 High
api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.
CVE-2026-49111 2 Themegrill, Wordpress 2 Masteriyo, Wordpress 2026-06-26 8.8 High
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0.
CVE-2026-27407 2 Meowapps, Wordpress 2 Ai Engine, Wordpress 2026-06-26 7.2 High
Editor Privilege Escalation in AI Engine <= 3.4.9 versions.