Common Vulnerabilities and Exposures (CVE)

CVE-2026-15094

Jul 17, 2026 05:35:59 UTC

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes i...

CVE-2026-15982

Jul 17, 2026 05:35:58 UTC

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on...

CVE-2026-10649

Jul 17, 2026 05:19:48 UTC

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an ...

CVE-2026-21770

Jul 17, 2026 04:42:54 UTC

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.

CVE-2026-58317

Jul 17, 2026 04:14:03 UTC

Unsigned to Signed Conversion Error (CWE-196) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/writ...

CVE-2026-60060

Jul 17, 2026 04:13:38 UTC

Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-...

CVE-2026-50311

Jul 17, 2026 03:56:40 UTC

Improper access control in Windows Server allows an authorized attacker to elevate privileges locally.

CVE-2026-59866

Jul 17, 2026 03:56:39 UTC

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota emitted x-ms-kiota-info clientClassName and clientNamespaceName values without identifier or path sanitization as both generated client class or namespace names an...

CVE-2026-59864

Jul 17, 2026 03:56:38 UTC

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with `-t APIPlugin`) emitted attacker-controlled static_template.file values from x-ai-adaptive-card and x-ai-capabilitie...

CVE-2026-59865

Jul 17, 2026 03:56:38 UTC

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand plus dependency name and version values from an OpenAPI description and presen...

CVE-2026-59859

Jul 17, 2026 03:56:37 UTC

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.4, Kiota's PHP generator embedded OpenAPI description, default fields, property names, and other schema-derived strings into PHP double-quoted literals through SanitizeDoub...

CVE-2026-59862

Jul 17, 2026 03:56:36 UTC

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values[].description flow through KiotaBuilder.SetEnumOptions into Documentation....

CVE-2026-59861

Jul 17, 2026 03:56:35 UTC

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields, property names, and other schema-derived strings through CodeMethodWriter.cs and SanitizeForQuotedLiteral() in Wr...

CVE-2026-59860

Jul 17, 2026 03:56:34 UTC

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C# XML documentation-comment sink (the description, externalDocs label, and externalDocs link field...

CVE-2026-50321

Jul 17, 2026 03:56:33 UTC

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally.