Common Vulnerabilities and Exposures (CVE)

CVE-2026-8163

Jun 23, 2026 06:00:02 UTC

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level...

CVE-2026-7842

Jun 23, 2026 06:00:02 UTC

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in...

CVE-2026-56422

Jun 23, 2026 05:58:54 UTC

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope foreign keys (event_id, org_id, user_id, sharing_group_id, galaxy_cluster_uuid, organisation_uuid...

CVE-2026-56446

Jun 23, 2026 05:57:20 UTC

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privile...

CVE-2026-48908

Jun 23, 2026 05:53:38 UTC

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

CVE-2026-48939

Jun 23, 2026 05:52:44 UTC

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

CVE-2026-48909

Jun 23, 2026 05:52:22 UTC

SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server.

CVE-2026-12866

Jun 23, 2026 05:00:00 UTC

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Becaus...

CVE-2026-11623

Jun 23, 2026 04:49:28 UTC

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterize...

CVE-2026-44272

Jun 23, 2026 03:56:08 UTC

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially expl...

CVE-2026-44274

Jun 23, 2026 03:56:06 UTC

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unautho...

CVE-2026-9697

Jun 23, 2026 03:56:05 UTC

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-...

CVE-2026-6734

Jun 23, 2026 03:56:04 UTC

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first ...

CVE-2026-11834

Jun 23, 2026 03:56:03 UTC

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulne...

CVE-2026-10789

Jun 23, 2026 03:56:02 UTC

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may a...