All CosmicBytez Labs articles tagged #NVD, across news, security advisories, how-to guides, and projects.
Critical privilege escalation in the Aimogen Pro WordPress plugin (all versions up to 2.8.4) — missing capability check on AI function allows any authenticated user to gain administrator-level access.
A critical Server-Side Template Injection vulnerability in Centreon's centreon-open-tickets module allows unauthenticated attackers to achieve Remote Code Execution via the unsanitized message_confirm field.
A high-severity unrestricted file upload vulnerability in shiroiAdmin versions 1.1 and 1.3 allows unauthenticated remote attackers to upload PHP webshells and achieve remote code execution.
A cryptographically weak random number generator in the GenerateRandomPassword function of bosh-windows-stemcell-builder allows remote attackers to...
A critical CVSS 9.8 authorization bypass in the WP Learn Manager WordPress plugin allows unauthenticated attackers to install and activate arbitrary...
A critical CVSS 9.1 vulnerability in the Simple Coherent Form WordPress plugin allows unauthenticated attackers to delete arbitrary files on the server,...
A critical CVSS 9.8 improper authentication vulnerability in Dassault Systèmes DELMIA Apriso (releases 2020–2026) allows unauthenticated attackers to gain...
A critical CVSS 9.8 vulnerability in the Eventer WordPress plugin exposes plaintext password reset keys in user meta, allowing unauthenticated attackers...
An unauthenticated remote SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows attackers to manipulate the id...
A missing authentication vulnerability (CVSS 7.3) in the jairiidriss/restaurant-website-php-mysql project exposes the /admin/ajax_files endpoint to...
A CVSS 9.8 critical SQL injection in the Destekz plugin by Raera - Ankara Web Design allows unauthenticated remote attackers full database access. The...
A high-severity OS command injection vulnerability in Dell PowerProtect Data Domain allows authenticated remote attackers to execute arbitrary commands...
Critical path bypass vulnerability in @fastify/middie versions 9.1.0 through 9.3.2 allows attackers to evade middleware protection by exploiting a %2F...
A critical SQL injection vulnerability (CVSS 9.8) in the UTT nv518G router allows unauthenticated remote attackers to execute arbitrary code via the...
IBM DevOps Automation and IBM DevOps Loop fail to invalidate session IDs after expiration, allowing authenticated attackers to impersonate other users via...
A critical unauthenticated SQL injection vulnerability in the EventON WordPress Virtual Event Calendar Plugin affects versions up to 5.0.11, exposing...
A critical CVSS 9.8 vulnerability in the ProfileGrid WordPress plugin allows unauthenticated attackers to take over any user account and escalate...
A high-severity SQL injection vulnerability has been identified in itsourcecode Baptism Information Management System 1.0, allowing remote attackers to...
A second high-severity SQL injection vulnerability has been disclosed in itsourcecode Baptism Information Management System 1.0, this time affecting the...
A CVSS 9.9 critical vulnerability in the Paid Videochat Turnkey Site WordPress plugin allows authenticated performer-role users to delete arbitrary files...
A remotely exploitable SQL injection vulnerability affects SourceCodester Class and Exam Timetabling System 1.0 via the course_year_section parameter in...
A critical unauthenticated SQL injection vulnerability (CVSS 9.8) in the JoomCCK Joomla extension allows attackers to read, modify, or delete database...
A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to...
A second high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 targets /preview6.php via the...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated attackers to manipulate the...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated attackers to manipulate the...
A high-severity SQL injection vulnerability in yashpokharna2555's restaurant management system allows unauthenticated attackers to exploit the...
CVE-2026-58053 was disclosed on June 28, 2026 with an informational severity rating. NVD analysis is pending; no exploitation or vendor advisory has been...
A critical unauthenticated SQL injection vulnerability (CVSS 9.3) in the JetBooking WordPress plugin affects all versions up to 4.0.4.1, potentially...
A critical authentication bypass in Flowise allows unauthenticated attackers to register accounts via an unprotected API endpoint and gain full platform...
A critical path traversal vulnerability in the qrscp DICOM application allows unauthenticated attackers to write files to arbitrary server paths via...
A critical path traversal vulnerability in FileRise before 3.16.0 allows unauthenticated attackers to write arbitrary files and completely compromise...
A critical Local File Inclusion vulnerability in the BetterDocs Pro WordPress plugin (up to v3.8.0) allows unauthenticated attackers to include and...
A critical unauthenticated SQL injection vulnerability (CVSS 9.3) in the InPost Gallery WordPress plugin allows attackers to extract sensitive database...
A high-severity unauthenticated remote code execution vulnerability (CVSS 8.8) in Premmerce Dev Tools for WordPress allows attackers to execute arbitrary...
The Bookly scheduling plugin for WordPress contains a stored cross-site scripting vulnerability in versions up to 27.2, allowing unauthenticated attackers...
A CVSS 10.0 critical sandbox escape in vm2 for Node.js allows sandboxed code to obtain the host TypeError constructor via Buffer.__lookupGetter__ abuse,...
A CVSS 10.0 critical sandbox escape in vm2 for Node.js allows attackers to bypass the require: false security option using falsy values, circumventing the...
A CVSS 10.0 critical sandbox escape in vm2 for Node.js allows sandboxed code to access the host process via the process and inspector/promises builtins,...
A CVSS 10.0 critical vulnerability in vm2 for Node.js allows sandbox code to escape and execute arbitrary OS commands on the host system. Patched in vm2 3.11.4.
A high-severity vulnerability (CVSS 9.0) in Cloud Foundry UAA allows attackers to bypass authentication by exploiting the incorrect treatment of XML...
A high-severity SQL injection vulnerability (CVSS 7.3) in CollegeManagementSystem allows attackers to manipulate the department_code parameter in…
A high-severity arbitrary file upload vulnerability in the MDJM Event Management plugin for WordPress allows authenticated attackers to upload malicious files…
A high-severity privilege escalation vulnerability in the Booking Package WordPress plugin allows unauthenticated or low-privileged attackers to take over…
A critical CVSS 9.4 vulnerability disables TLS certificate validation via TrustAllCerts routines and combines this with hard-coded DES symmetric encryption…
A critical CVSS 9.8 vulnerability exposes factory-level diagnostic interfaces left in retail firmware builds, allowing malicious applications to gain write…
A CVSS 9.9 critical vulnerability in ABB T-MAC Plus v4.0-24 exposes internal files and directories to external parties, allowing unauthenticated attackers to…
A CVSS 9.8 critical vulnerability allows unauthenticated remote attackers to recover a default hardcoded password from a firmware image, granting full…
A CVSS 9.1 critical flaw in MLflow AI Gateway allows server-side environment variables in api_key fields to be resolved and exfiltrated to attacker-controlled…
A critical cross-site scripting vulnerability in authentik's Simple Flow Executor AutosubmitStage allows attackers to execute arbitrary JavaScript via a…
A CVSS 9.8 critical Java deserialization vulnerability allows attackers to bypass ObjectInputFilter via TC_PROXYCLASSDESC, circumventing acceptMatchers…
A critical authentication bypass in authentik allows attackers to skip the Source stage entirely by sending an empty POST request, completely circumventing…
A critical stack-based buffer overflow vulnerability in Arm Whois 3.11 (CVSS 9.8) allows remote attackers to execute arbitrary code by supplying oversized…
A remotely exploitable improper authorization vulnerability in the SourceCodester Water Billing Management System 1.0 allows unauthenticated attackers to…
A CVSS 7.3 SQL injection vulnerability in SourceCodester's Computer Repair Shop Management System v1.0 allows remote attackers to extract sensitive data via…
An incorrect permission assignment vulnerability in Fujitsu ServerView Agents for Windows V11.60.04 and earlier allows a local authenticated attacker to…
The Kirki Freeform Page Builder plugin for WordPress (versions 6.0.0–6.0.6) allows unauthenticated attackers to take over any user account during password…
The Really Simple Security WordPress plugin before 9.5.10.1 fails to enforce the second-factor challenge on two REST API endpoints, allowing attackers with a…
Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 allow attackers to extract sensitive database contents via the artid, cid,...
Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 expose the publisher, artikel, and info modules to database extraction...
An unauthenticated SQL injection vulnerability in MGB OpenSource Guestbook 0.7.0.2 allows attackers to extract sensitive database contents via the 'id'...
A critical unauthenticated arbitrary file upload vulnerability in Delta Sql 1.8.2 allows attackers to upload malicious PHP files and achieve remote code...
A high-severity authentication bypass vulnerability in OUSL-GROUP BrinaryBrains School Student Management System allows manipulation of the sign_auth_cookie…
A Commerce Inspector General report exposes how mismanagement allowed a backlog of more than 27,000 unprocessed security flaws to grow unchecked in the...
A remotely exploitable SQL injection vulnerability in code-projects Student Details Management System 1.0 allows attackers to manipulate database queries...
A broken authentication check in the Simple History WordPress plugin (versions up to 5.26.0) allows Subscriber-level users to take over any WordPress...
The GEO my WP WordPress plugin (versions up to 4.5.5) is vulnerable to unauthenticated SQL injection via the swlatlng and nelatlng parameters, which...
A CVSS 9.0 OS command injection flaw in Samba allows remote attackers to execute arbitrary commands on file servers and domain controllers using the %u...
A CVSS 9.0 code execution flaw in Comet Backup's backup agent signing module allows an authenticated tenant administrator to execute arbitrary code on...
OS command injection (CVSS 9.1) in Perl's HTTP::Daemon lets attackers run arbitrary commands via magic prefix abuse in send_file's two-arg open().
A remotely exploitable SQL injection vulnerability in the admin panel of itsourcecode Electronic Judging System 1.0 allows attackers to manipulate database.
A critical blind SQL injection vulnerability in the WP Directory Kit WordPress plugin allows unauthenticated attackers to exfiltrate the entire WordPress...
A critical deserialization vulnerability in Apache Fury's Python library PyFury allows attackers to bypass DeserializationPolicy validation hooks via the...
A CVSS 7.5 SQL injection vulnerability in the WP ERP Pro WordPress plugin (all versions up to 1.5.1) allows unauthenticated attackers to extract sensitive...
A CVSS 9.1 critical command injection vulnerability in Honeywell's Control Network Module web interface allows remote attackers to execute arbitrary...
A heap-based buffer overflow in the Netatalk CNID daemon comm_rcv() function allows a remote authenticated attacker to execute arbitrary code with...
An authenticated Remote Code Execution vulnerability in GlassFish's Administration Console (CVSS 9.1) allows users with panel access to execute arbitrary...
A critical CVSS 9.6 Remote Code Execution vulnerability in GlassFish's server-side gadget handler allows attackers to inject Expression Language...
A critical CVSS 9.8 Server-Side Request Forgery vulnerability in scalar/astro v0.1.13 allows unauthenticated attackers to force the backend server to make...
CVE-2026-39079 is a CVSS 7.5 (High) information disclosure vulnerability in the PrestaShop upsshipping module affecting all versions through 2.4.0. Remote...
A critical CVSS 9.8 vulnerability in iDS6 DSSPro Digital Signage System 6.2 allows attackers to retrieve valid CAPTCHA codes from the login endpoint and...
A critical CVSS 9.8 memory safety flaw in libbabl 0.1.62 allows attackers to call babl_free() twice on the same pointer without triggering the library's...
The Form Notify plugin for WordPress is vulnerable to authentication bypass in versions up to and including 1.1.10. Attackers can manipulate...
A supply chain attack compromised official DAEMON Tools Lite installation packages distributed from daemon-tools.cc between April 8 and May 5, 2026,...
A CVSS 7.5 denial-of-service vulnerability in Apple iOS and iPadOS allows a remote attacker to exhaust device resources and crash the operating system...
A critical unauthenticated SQL injection vulnerability in Beauty Parlour Management System v1.1 allows attackers to dump the entire backend database via a...
A missing sighash validation in ZEBRA, the Rust-based Zcash node, allowed invalid V5 transactions to pass consensus checks — patched in zebrad 4.3.1 and...
A timing attack vulnerability in RELATE's check_sign_in_key() function could allow attackers to infer valid sign-in keys through response time differences...
A critical unauthenticated vulnerability in Plunk, the open-source AWS SES email platform, allows attackers to forge Amazon SNS webhook payloads without...
A critical improper access control flaw in Azure Managed Instance for Apache Cassandra allows an authorized network attacker to execute arbitrary code,...
The Brizy Page Builder plugin for WordPress contains a critical unauthenticated Stored Cross-Site Scripting flaw in versions up to 2.8.11, enabling...
A critical CVSS 9.1 vulnerability in Plack::Middleware::XSendfile versions through 1.0053 allows remote attackers to control the X-Sendfile-Type header,...
A CVSS 9.8 critical vulnerability in Snap One WattBox 800 and 820 series firmware exposes undisclosed diagnostic HTTP endpoints protected only by the...
A CVSS 9.6 critical use-after-free vulnerability in the GPU component of Google Chrome prior to 147.0.7727.138 allows a remote attacker to potentially...
A CVSS 8.1 high-severity collection of memory safety bugs affects Firefox 149, Firefox ESR 140.9, Firefox ESR 115.34, Thunderbird 149, and Thunderbird ESR...
A critical CVSS 9.8 OS command injection vulnerability in the Totolink A8000RU router allows unauthenticated remote attackers to execute arbitrary...
CVE-2026-7002 is a CVSS 7.3 SQL injection vulnerability in KLiK SocialMediaWebsite up to version 1.0.1, exploitable remotely via the c_id parameter in the...
A CVSS 7.3 server-side request forgery vulnerability in Typecho up to 1.3.0 allows attackers to manipulate the X-Pingback/link argument in Service.php to...
A critical CVSS 9.9 elevation of privilege vulnerability in Azure IoT Central allows an authenticated attacker to escalate privileges over a network by...
ThinkPHP 5.0.23 contains a critical unauthenticated remote code execution vulnerability allowing attackers to invoke arbitrary PHP functions via a crafted...
ELBA5 5.8.0 contains a critical remote code execution vulnerability where default database connector credentials allow attackers to connect to the...
A critical improper access control vulnerability in EspoCRM's built-in formula scripting engine allows authenticated administrators to overwrite the...
A critical SQL injection vulnerability in Jellystat, the open-source statistics app for Jellyfin, allows authenticated users to execute arbitrary SQL...
A critical CVSS 9.1 authorization bypass in the WordPress Create DB Tables plugin (all versions up to 1.2.1) allows unauthenticated users to create or...
A high-severity vulnerability in Oracle Life Sciences Empirica Signal versions 9.2.1-9.2.3 allows a low-privileged attacker with network access via HTTP...
A critical OS command injection vulnerability in NewSoftOA by NewSoft allows unauthenticated local attackers to inject and execute arbitrary OS commands...
The National Institute of Standards and Technology will stop assigning CVSS severity scores to lower-priority vulnerabilities in the NVD as CVE submission...
A path traversal vulnerability in KodExplorer up to v4.52 allows remote attackers to read arbitrary files via the share.class.php Public Share Handler,...
A high-severity SQL injection vulnerability in WeGIA, a web manager for charitable institutions, allows authenticated attackers to escalate privileges by...
Rukovoditel CRM versions 3.6.4 and earlier contain a critical reflected XSS vulnerability in the Zadarma telephony API endpoint. The application reflects...
Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a critical prototype pollution vulnerability (CWE-1321) that can lead...
Six Apart's Movable Type CMS contains a critical code injection vulnerability allowing unauthenticated attackers to execute arbitrary Perl scripts on...
A critical privilege escalation vulnerability in the Users Manager – PN WordPress plugin (v1.1.15 and below) allows unauthenticated attackers to update...
GLPI versions 11.0.0 through 11.0.5 contain a server-side template injection vulnerability in the administrator interface that allows authenticated admins...
A critical CVSS 9.8 path traversal vulnerability in goshs, a SimpleHTTPServer written in Go, allows unauthenticated attackers to write arbitrary files via...
A remotely exploitable SQL injection vulnerability (CVE-2026-5637) has been disclosed in projectworlds Car Rental System 1.0. The flaw exists in...
An unauthenticated SQL injection vulnerability in ResourceSpace 8.6 allows attackers to execute arbitrary database queries via the 'ref' parameter in...
A high-severity SQL injection vulnerability in itsourcecode Online Enrollment System 1.0 allows remote unauthenticated attackers to manipulate the USERID...
A high-severity SQL injection vulnerability in code-projects Simple Laundry System 1.0 allows remote unauthenticated attackers to manipulate the firstName...
A high-severity denial-of-service vulnerability in DokuWiki v.2025-05-14b 'Librarian' allows remote attackers to crash the application by exploiting the...
A critical server-side request forgery vulnerability in Azure Custom Locations Resource Provider allows an authorized attacker to elevate privileges over...
A critical unauthenticated SQL injection vulnerability (CVSS 9.1) in the setinfo endpoint allows remote attackers to corrupt data and cause denial of...
A CVSS 10.0 critical vulnerability in Juju versions 3.2.0–3.6.18 and 4.0–4.0.3 allows unauthenticated attackers to connect directly to the internal Dqlite...
A high-severity heap buffer overflow in Chrome's GPU component allows remote attackers to execute arbitrary code via a crafted HTML page. Affects all...
A critical path traversal vulnerability in MLflow's extract_archive_to_dir function allows attackers to write arbitrary files outside the intended...
A maximum-severity command injection vulnerability in MLflow's model serving container initialization allows attackers to execute arbitrary OS commands...
GitLab has patched a high-severity vulnerability in its Jira Connect integration affecting CE/EE versions from 14.3 through 18.10 that allowed an...
A critical CVSS 9.8 vulnerability in OpenClaw allows attackers to bypass the exec allowlist by exploiting improper glob pattern normalization where the ?...
A critical CVSS 9.8 authorization bypass in OpenClaw's Zalouser allowlist mode matches mutable group display names instead of stable identifiers, letting...
A critical CVSS 9.8 vulnerability in OpenClaw allows attackers to replay a valid bootstrap setup code multiple times before approval, escalating device...
A server-side request forgery vulnerability in elecV2P up to version 3.8.3 allows remote attackers to manipulate the eAxios function via the /mock...
A Server-Side Request Forgery vulnerability in the Oxygen Theme plugin for WordPress (all versions up to 6.0.8) enables unauthenticated attackers to make...
A critical vulnerability in Gematik Authenticator prior to version 4.16.0 allows attackers to hijack authentication sessions via malicious deep links,...
A critical unauthenticated information disclosure vulnerability in SiYuan, the personal knowledge management system, allows remote attackers to retrieve...
A critical path traversal vulnerability in SiYuan's /api/file/readDir interface allows unauthenticated remote attackers to traverse notebook directories...
A critical chain of vulnerabilities in WWBN AVideo's CloneSite plugin allows fully unauthenticated attackers to achieve remote code execution via key...
A CVSS 9.8 Critical stack-based buffer overflow in Tenda A15 firmware 15.13.07.13 allows unauthenticated remote attackers to execute arbitrary code by...
A critical flaw in jsrsasign versions 7.0.0 through 11.1.0 allows attackers to recover DSA private keys by exploiting biased nonce generation in the...
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to 1.29.7, allowing authenticated...
A CVSS 8.8 stack-based buffer overflow in D-Link DHP-1320 firmware 1.00WWB04 allows unauthenticated remote attackers to execute arbitrary code via a...
A critical unauthenticated remote code execution vulnerability (CVSS 9.8) in Oracle's Edge Cloud Infrastructure Designer and Visualisation Toolkit allows...
A critical (CVSS 9.6) authorization bypass vulnerability in the moodle-mod_customcert plugin allows any teacher with manage capability in a single course...
A high-severity OS command injection vulnerability (CVSS 9.1) in the Angeet ES3 KVM switch allows authenticated attackers to execute arbitrary OS-level...
A stored cross-site scripting vulnerability in RealtyScript 4.0.2 allows attackers to inject malicious JavaScript via the location_name parameter in the...
A SQL injection vulnerability in Galaxy Forces MMORPG version 0.5.8 has been formally catalogued by NVD, enabling authenticated attackers to extract...
A denial of service vulnerability in AMPPS 2.7, a local web server stack for developers, has been formally assigned CVE-2018-25169 with a CVSS score of...
A critical unauthenticated RCE vulnerability in International Datacasting Corporation's SFX Series satellite receivers allows attackers to execute...