All CosmicBytez Labs articles tagged #NVD, across news, security advisories, how-to guides, and projects.
A critical stack-based buffer overflow vulnerability in Arm Whois 3.11 (CVSS 9.8) allows remote attackers to execute arbitrary code by supplying oversized input, overwriting the structured exception handler with shellcode.
A remotely exploitable improper authorization vulnerability in the SourceCodester Water Billing Management System 1.0 allows unauthenticated attackers to perform unauthorized actions via the User Management endpoint.
A CVSS 7.3 SQL injection vulnerability in SourceCodester's Computer Repair Shop Management System v1.0 allows remote attackers to extract sensitive data via the ID parameter in the admin product management endpoint.
An incorrect permission assignment vulnerability in Fujitsu ServerView Agents for Windows V11.60.04 and earlier allows a local authenticated attacker to escalate privileges to SYSTEM on the affected server.
The Kirki Freeform Page Builder plugin for WordPress (versions 6.0.0–6.0.6) allows unauthenticated attackers to take over any user account during password reset by accepting an arbitrary email address, enabling full privilege escalation. CVSS 9.8.
The Really Simple Security WordPress plugin before 9.5.10.1 fails to enforce the second-factor challenge on two REST API endpoints, allowing attackers with a valid password to bypass two-factor authentication and gain full account access. CVSS 7.5.
Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 allow attackers to extract sensitive database contents via the artid, cid,...
Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 expose the publisher, artikel, and info modules to database extraction...
An unauthenticated SQL injection vulnerability in MGB OpenSource Guestbook 0.7.0.2 allows attackers to extract sensitive database contents via the 'id'...
A critical unauthenticated arbitrary file upload vulnerability in Delta Sql 1.8.2 allows attackers to upload malicious PHP files and achieve remote code...
A high-severity authentication bypass vulnerability in OUSL-GROUP BrinaryBrains School Student Management System allows manipulation of the sign_auth_cookie function, enabling unauthorized access via crafted cookie values. CVSS 7.3.
A Commerce Inspector General report exposes how mismanagement allowed a backlog of more than 27,000 unprocessed security flaws to grow unchecked in the...
A remotely exploitable SQL injection vulnerability in code-projects Student Details Management System 1.0 allows attackers to manipulate database queries...
A broken authentication check in the Simple History WordPress plugin (versions up to 5.26.0) allows Subscriber-level users to take over any WordPress...
The GEO my WP WordPress plugin (versions up to 4.5.5) is vulnerable to unauthenticated SQL injection via the swlatlng and nelatlng parameters, which...
A CVSS 9.0 OS command injection flaw in Samba allows remote attackers to execute arbitrary commands on file servers and domain controllers using the %u...
A CVSS 9.0 code execution flaw in Comet Backup's backup agent signing module allows an authenticated tenant administrator to execute arbitrary code on...
OS command injection (CVSS 9.1) in Perl's HTTP::Daemon lets attackers run arbitrary commands via magic prefix abuse in send_file's two-arg open().
A remotely exploitable SQL injection vulnerability in the admin panel of itsourcecode Electronic Judging System 1.0 allows attackers to manipulate database.
A critical blind SQL injection vulnerability in the WP Directory Kit WordPress plugin allows unauthenticated attackers to exfiltrate the entire WordPress...
A critical deserialization vulnerability in Apache Fury's Python library PyFury allows attackers to bypass DeserializationPolicy validation hooks via the...
A CVSS 7.5 SQL injection vulnerability in the WP ERP Pro WordPress plugin (all versions up to 1.5.1) allows unauthenticated attackers to extract sensitive...
A CVSS 9.1 critical command injection vulnerability in Honeywell's Control Network Module web interface allows remote attackers to execute arbitrary...
A heap-based buffer overflow in the Netatalk CNID daemon comm_rcv() function allows a remote authenticated attacker to execute arbitrary code with...
An authenticated Remote Code Execution vulnerability in GlassFish's Administration Console (CVSS 9.1) allows users with panel access to execute arbitrary...
A critical CVSS 9.6 Remote Code Execution vulnerability in GlassFish's server-side gadget handler allows attackers to inject Expression Language...
A critical CVSS 9.8 Server-Side Request Forgery vulnerability in scalar/astro v0.1.13 allows unauthenticated attackers to force the backend server to make...
CVE-2026-39079 is a CVSS 7.5 (High) information disclosure vulnerability in the PrestaShop upsshipping module affecting all versions through 2.4.0. Remote...
A critical CVSS 9.8 vulnerability in iDS6 DSSPro Digital Signage System 6.2 allows attackers to retrieve valid CAPTCHA codes from the login endpoint and...
A critical CVSS 9.8 memory safety flaw in libbabl 0.1.62 allows attackers to call babl_free() twice on the same pointer without triggering the library's...
The Form Notify plugin for WordPress is vulnerable to authentication bypass in versions up to and including 1.1.10. Attackers can manipulate...
A supply chain attack compromised official DAEMON Tools Lite installation packages distributed from daemon-tools.cc between April 8 and May 5, 2026,...
A CVSS 7.5 denial-of-service vulnerability in Apple iOS and iPadOS allows a remote attacker to exhaust device resources and crash the operating system...
A critical unauthenticated SQL injection vulnerability in Beauty Parlour Management System v1.1 allows attackers to dump the entire backend database via a...
A missing sighash validation in ZEBRA, the Rust-based Zcash node, allowed invalid V5 transactions to pass consensus checks — patched in zebrad 4.3.1 and...
A timing attack vulnerability in RELATE's check_sign_in_key() function could allow attackers to infer valid sign-in keys through response time differences...
A critical unauthenticated vulnerability in Plunk, the open-source AWS SES email platform, allows attackers to forge Amazon SNS webhook payloads without...
A critical improper access control flaw in Azure Managed Instance for Apache Cassandra allows an authorized network attacker to execute arbitrary code,...
The Brizy Page Builder plugin for WordPress contains a critical unauthenticated Stored Cross-Site Scripting flaw in versions up to 2.8.11, enabling...
A critical CVSS 9.1 vulnerability in Plack::Middleware::XSendfile versions through 1.0053 allows remote attackers to control the X-Sendfile-Type header,...
A CVSS 9.8 critical vulnerability in Snap One WattBox 800 and 820 series firmware exposes undisclosed diagnostic HTTP endpoints protected only by the...
A CVSS 9.6 critical use-after-free vulnerability in the GPU component of Google Chrome prior to 147.0.7727.138 allows a remote attacker to potentially...
A CVSS 8.1 high-severity collection of memory safety bugs affects Firefox 149, Firefox ESR 140.9, Firefox ESR 115.34, Thunderbird 149, and Thunderbird ESR...
A critical CVSS 9.8 OS command injection vulnerability in the Totolink A8000RU router allows unauthenticated remote attackers to execute arbitrary...
CVE-2026-7002 is a CVSS 7.3 SQL injection vulnerability in KLiK SocialMediaWebsite up to version 1.0.1, exploitable remotely via the c_id parameter in the...
A CVSS 7.3 server-side request forgery vulnerability in Typecho up to 1.3.0 allows attackers to manipulate the X-Pingback/link argument in Service.php to...
A critical CVSS 9.9 elevation of privilege vulnerability in Azure IoT Central allows an authenticated attacker to escalate privileges over a network by...
ThinkPHP 5.0.23 contains a critical unauthenticated remote code execution vulnerability allowing attackers to invoke arbitrary PHP functions via a crafted...
ELBA5 5.8.0 contains a critical remote code execution vulnerability where default database connector credentials allow attackers to connect to the...
A critical improper access control vulnerability in EspoCRM's built-in formula scripting engine allows authenticated administrators to overwrite the...
A critical SQL injection vulnerability in Jellystat, the open-source statistics app for Jellyfin, allows authenticated users to execute arbitrary SQL...
A critical CVSS 9.1 authorization bypass in the WordPress Create DB Tables plugin (all versions up to 1.2.1) allows unauthenticated users to create or...
A high-severity vulnerability in Oracle Life Sciences Empirica Signal versions 9.2.1-9.2.3 allows a low-privileged attacker with network access via HTTP...
A critical OS command injection vulnerability in NewSoftOA by NewSoft allows unauthenticated local attackers to inject and execute arbitrary OS commands...
The National Institute of Standards and Technology will stop assigning CVSS severity scores to lower-priority vulnerabilities in the NVD as CVE submission...
A path traversal vulnerability in KodExplorer up to v4.52 allows remote attackers to read arbitrary files via the share.class.php Public Share Handler,...
A high-severity SQL injection vulnerability in WeGIA, a web manager for charitable institutions, allows authenticated attackers to escalate privileges by...
Rukovoditel CRM versions 3.6.4 and earlier contain a critical reflected XSS vulnerability in the Zadarma telephony API endpoint. The application reflects...
Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a critical prototype pollution vulnerability (CWE-1321) that can lead...
Six Apart's Movable Type CMS contains a critical code injection vulnerability allowing unauthenticated attackers to execute arbitrary Perl scripts on...
A critical privilege escalation vulnerability in the Users Manager – PN WordPress plugin (v1.1.15 and below) allows unauthenticated attackers to update...
GLPI versions 11.0.0 through 11.0.5 contain a server-side template injection vulnerability in the administrator interface that allows authenticated admins...
A critical CVSS 9.8 path traversal vulnerability in goshs, a SimpleHTTPServer written in Go, allows unauthenticated attackers to write arbitrary files via...
A remotely exploitable SQL injection vulnerability (CVE-2026-5637) has been disclosed in projectworlds Car Rental System 1.0. The flaw exists in...
An unauthenticated SQL injection vulnerability in ResourceSpace 8.6 allows attackers to execute arbitrary database queries via the 'ref' parameter in...
A high-severity SQL injection vulnerability in itsourcecode Online Enrollment System 1.0 allows remote unauthenticated attackers to manipulate the USERID...
A high-severity SQL injection vulnerability in code-projects Simple Laundry System 1.0 allows remote unauthenticated attackers to manipulate the firstName...
A high-severity denial-of-service vulnerability in DokuWiki v.2025-05-14b 'Librarian' allows remote attackers to crash the application by exploiting the...
A critical server-side request forgery vulnerability in Azure Custom Locations Resource Provider allows an authorized attacker to elevate privileges over...
A critical unauthenticated SQL injection vulnerability (CVSS 9.1) in the setinfo endpoint allows remote attackers to corrupt data and cause denial of...
A CVSS 10.0 critical vulnerability in Juju versions 3.2.0–3.6.18 and 4.0–4.0.3 allows unauthenticated attackers to connect directly to the internal Dqlite...
A high-severity heap buffer overflow in Chrome's GPU component allows remote attackers to execute arbitrary code via a crafted HTML page. Affects all...
A critical path traversal vulnerability in MLflow's extract_archive_to_dir function allows attackers to write arbitrary files outside the intended...
A maximum-severity command injection vulnerability in MLflow's model serving container initialization allows attackers to execute arbitrary OS commands...
GitLab has patched a high-severity vulnerability in its Jira Connect integration affecting CE/EE versions from 14.3 through 18.10 that allowed an...
A critical CVSS 9.8 vulnerability in OpenClaw allows attackers to bypass the exec allowlist by exploiting improper glob pattern normalization where the ?...
A critical CVSS 9.8 authorization bypass in OpenClaw's Zalouser allowlist mode matches mutable group display names instead of stable identifiers, letting...
A critical CVSS 9.8 vulnerability in OpenClaw allows attackers to replay a valid bootstrap setup code multiple times before approval, escalating device...
A server-side request forgery vulnerability in elecV2P up to version 3.8.3 allows remote attackers to manipulate the eAxios function via the /mock...
A Server-Side Request Forgery vulnerability in the Oxygen Theme plugin for WordPress (all versions up to 6.0.8) enables unauthenticated attackers to make...
A critical vulnerability in Gematik Authenticator prior to version 4.16.0 allows attackers to hijack authentication sessions via malicious deep links,...
A critical unauthenticated information disclosure vulnerability in SiYuan, the personal knowledge management system, allows remote attackers to retrieve...
A critical path traversal vulnerability in SiYuan's /api/file/readDir interface allows unauthenticated remote attackers to traverse notebook directories...
A critical chain of vulnerabilities in WWBN AVideo's CloneSite plugin allows fully unauthenticated attackers to achieve remote code execution via key...
A CVSS 9.8 Critical stack-based buffer overflow in Tenda A15 firmware 15.13.07.13 allows unauthenticated remote attackers to execute arbitrary code by...
A critical flaw in jsrsasign versions 7.0.0 through 11.1.0 allows attackers to recover DSA private keys by exploiting biased nonce generation in the...
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to 1.29.7, allowing authenticated...
A CVSS 8.8 stack-based buffer overflow in D-Link DHP-1320 firmware 1.00WWB04 allows unauthenticated remote attackers to execute arbitrary code via a...
A critical unauthenticated remote code execution vulnerability (CVSS 9.8) in Oracle's Edge Cloud Infrastructure Designer and Visualisation Toolkit allows...
A critical (CVSS 9.6) authorization bypass vulnerability in the moodle-mod_customcert plugin allows any teacher with manage capability in a single course...
A high-severity OS command injection vulnerability (CVSS 9.1) in the Angeet ES3 KVM switch allows authenticated attackers to execute arbitrary OS-level...
A stored cross-site scripting vulnerability in RealtyScript 4.0.2 allows attackers to inject malicious JavaScript via the location_name parameter in the...
A SQL injection vulnerability in Galaxy Forces MMORPG version 0.5.8 has been formally catalogued by NVD, enabling authenticated attackers to extract...
A denial of service vulnerability in AMPPS 2.7, a local web server stack for developers, has been formally assigned CVE-2018-25169 with a CVSS score of...
A critical unauthenticated RCE vulnerability in International Datacasting Corporation's SFX Series satellite receivers allows attackers to execute...