VulDB Recent Entries

A vulnerability, which was classified as critical, has been found in FreeBSD up to p4/p8/p13. This issue affects the function libcasper. Performing a manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2026-39461. Attacking locally is a requirement. No exploit is available. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as problematic was found in Honeywell International Control Network Module up to 110.2. This vulnerability affects unknown code. Such manipulation leads to file and directory information exposure. This vulnerability is traded as CVE-2026-5434. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0/11.6.x. This affects an unknown part. This manipulation causes path traversal. This vulnerability appears as CVE-2026-4858. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Tobias CF7 WOW Styler Plugin up to 1.7.6 on WordPress. Affected by this issue is some unknown functionality. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-27393. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in WPFunnels Mail Mint Plugin up to 1.19.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is documented as CVE-2026-27349. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Mattermost. Affected is an unknown function. Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2026-22880. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in FreeBSD. This impacts an unknown function. Performing a manipulation results in out-of-bounds write. This vulnerability is cataloged as CVE-2026-45253. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability categorized as critical has been discovered in Gmission Web Fax up to 3.0. This affects an unknown function. Such manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2026-9157. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in FreeBSD. It has been rated as critical. The impacted element is an unknown function of the component Fusefs Kernel Module. This manipulation causes heap-based buffer overflow. This vulnerability is tracked as CVE-2026-45252. The attack is only possible within the local network. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Honeywell International Control Network Module up to 110.2. It has been declared as critical. The affected element is an unknown function of the component Web Interface. The manipulation results in command injection. This vulnerability is identified as CVE-2026-5433. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Mattermost up to 10.11.13/11.4.3/11.5.1. It has been classified as problematic. Impacted is an unknown function of the component Run Creation API. The manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2026-4055. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in themefusion Avada Builder Plugin up to 3.15.2 on WordPress and classified as problematic. This issue affects some unknown processing of the component Dynamic Data Feature. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-1543. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in MLflow up to 3.9.x and classified as critical. This vulnerability affects unknown code of the component REST API. Performing a manipulation of the argument BEFORE_REQUEST_VALIDATORS/AFTER_REQUEST_HANDLERS results in improper access controls. This vulnerability was named CVE-2026-2734. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in themefusion Avada Builder Plugin up to 3.15.2 on WordPress. This affects the function Fusion_Builder_Conditional_Render_Helper::get_value of the component AJAX Endpoint. Such manipulation leads to injection. This vulnerability is uniquely identified as CVE-2026-6279. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Siber Systems RoboForm Password Manager App on Android. Affected by this issue is some unknown functionality of the component URL Validation Handler. This manipulation causes insufficient ui warning of dangerous operations. This vulnerability is handled as CVE-2026-47782. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as very critical was found in LiteSpeed User-End cPanel Plugin up to 2.4.4. Affected by this vulnerability is the function cpanel_jsonapi_func of the file /var/cpanel/logs. The manipulation results in incorrect privilege assignment. This vulnerability is known as CVE-2026-48172. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in wpbean WPB Floating Menu or Categories Plugin up to 1.0.8 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-4811. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in libsolv. This impacts the function repo_add_solv of the component solv File Handler. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability appears as CVE-2026-9149. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability marked as problematic has been reported in RRWO Crypt::SaltedHash up to 0.09 on Perl. This affects the function rand. Performing a manipulation results in cryptographically weak prng. This vulnerability is reported as CVE-2026-47372. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability labeled as critical has been found in libsolv. The impacted element is an unknown function of the component Debian Metadata Parser. Such manipulation leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-9150. The attack can be executed remotely. There is not any exploit available. Applying a patch is advised to resolve this issue.