Common Vulnerabilities and Exposures (CVE)

CVE-2026-57393

Jul 13, 2026 08:41:24 UTC

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoic...

CVE-2026-15546

Jul 13, 2026 08:15:12 UTC

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection. Remot...

CVE-2026-10103

Jul 13, 2026 07:57:11 UTC

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local u...

CVE-2026-62143

Jul 13, 2026 07:52:08 UTC

A Server-Side Request Forgery (SSRF) protection bypass existed in the html_to_markdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. Howe...

CVE-2026-9571

Jul 13, 2026 07:50:55 UTC

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obt...

CVE-2026-57830

Jul 13, 2026 07:30:12 UTC

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion.

CVE-2026-15543

Jul 13, 2026 07:15:09 UTC

A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit...

CVE-2026-15542

Jul 13, 2026 07:00:09 UTC

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack ca...

CVE-2026-15540

Jul 13, 2026 06:30:08 UTC

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page ...

CVE-2026-14209

Jul 13, 2026 06:21:10 UTC

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to ...

CVE-2026-15537

Jul 13, 2026 05:45:09 UTC

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be e...

CVE-2026-15536

Jul 13, 2026 05:30:09 UTC

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the atta...

CVE-2026-13757

Jul 13, 2026 05:10:06 UTC

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nest...

CVE-2026-15533

Jul 13, 2026 04:45:06 UTC

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The at...

CVE-2026-15530

Jul 13, 2026 04:00:08 UTC

A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to inform...