Common Vulnerabilities and Exposures (CVE)

CVE-2026-56291

Jul 11, 2026 05:28:12 UTC

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CVE-2026-34481

Jul 11, 2026 04:55:42 UTC

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, I...

CVE-2026-7655

Jul 11, 2026 04:32:59 UTC

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like e...

CVE-2026-13378

Jul 11, 2026 04:32:58 UTC

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escapi...

CVE-2026-21042

Jul 11, 2026 03:55:21 UTC

Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.

CVE-2026-21043

Jul 11, 2026 03:55:20 UTC

Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.

CVE-2026-21046

Jul 11, 2026 03:55:19 UTC

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.

CVE-2026-21049

Jul 11, 2026 03:55:18 UTC

Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.

CVE-2026-21052

Jul 11, 2026 03:55:18 UTC

Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.

CVE-2026-21055

Jul 11, 2026 03:55:17 UTC

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.

CVE-2026-15028

Jul 11, 2026 03:55:16 UTC

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.hol...

CVE-2026-0276

Jul 11, 2026 03:55:15 UTC

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user.

CVE-2026-0278

Jul 11, 2026 03:55:14 UTC

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected.

CVE-2026-48939

Jul 11, 2026 03:55:13 UTC

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

CVE-2026-1832

Jul 11, 2026 03:44:25 UTC

The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedesk_clear_cache' AJAX action in all versions up to, and inc...