Vuldb Updates

A vulnerability was found in contest-gallery Contest Gallery Plugin up to 28.1.5 on WordPress. It has been declared as critical. Affected by this vulnerability is the function user_activation_key of the file users-registry-check-after-email-or-pin-confirmation.php. The manipulation results in improper authentication. This vulnerability was named CVE-2026-4021. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in wpeverest User Registration & Membership Plugin up to 5.1.4 on WordPress. The impacted element is the function check_permissions of the component REST API Endpoint. This manipulation causes missing authorization. This vulnerability is registered as CVE-2026-4056. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in QEMU and classified as critical. This issue affects some unknown processing of the component virtio-fs Shared File System Daemon. The manipulation leads to improper check for dropped privileges. This vulnerability is uniquely identified as CVE-2022-0358. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability was found in vim up to 8.1 and classified as critical. Impacted is an unknown function. Such manipulation leads to memory corruption. This vulnerability is documented as CVE-2022-0351. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Samba up to 4.13.16/4.14.11/4.15.3. It has been declared as critical. The impacted element is the function samldb_spn_uniqueness_check of the file ldb_modules/samldb.c of the component AD DC. Such manipulation leads to incorrect default permissions. This vulnerability is referenced as CVE-2022-0336. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in cure53 DOMPurify up to 2.5.8/3.3.1. It has been declared as problematic. This affects an unknown part. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-0540. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in rustdesk-server-pro RustDesk Server Pro up to 1.7.5. This vulnerability affects unknown code of the component Address Book Sync API Module. Executing a manipulation can lead to cleartext transmission of sensitive information. This vulnerability appears as CVE-2026-30796. The attack may be performed from remote. There is no available exploit.

A vulnerability described as critical has been identified in rustdesk-client RustDesk Client up to 1.4.5. Impacted is the function Config::set_options of the file src/hbbs_http/sync.Rs of the component API Message Handler. The manipulation results in violation of secure design principles. This vulnerability is known as CVE-2026-30792. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in rustdesk-client RustDesk Client up to 1.4.5. The affected element is an unknown function of the file src/hbbs_http/http_client.Rs. This manipulation causes improper certificate validation. This vulnerability is handled as CVE-2026-30794. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic was found in rustdesk-client RustDesk Client up to 1.4.5. The impacted element is an unknown function of the file src/hbbs_http/sync.Rs. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2026-30795. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in rustdesk-client RustDesk Client up to 1.4.5. Impacted is the function MainSetPermanentPassword in the library flutter/lib/common.Dart of the component URI Handler. The manipulation leads to improper authorization. This vulnerability is documented as CVE-2026-30793. The attack can be initiated remotely. There is not any exploit available.

A vulnerability identified as critical has been detected in OpenClaw up to 2026.2.21. This issue affects the function tools.exec.safeBins. Performing a manipulation of the argument sort results in os command injection. This vulnerability is known as CVE-2026-22169. Attacking locally is a requirement. No exploit is available. You should upgrade the affected component. It looks like a duplicate CVE-2026-32010 has been assigned to this entry.

A vulnerability, which was classified as critical, has been found in OpenClaw up to 2026.2.21 on macOS. Affected is the function system.run. Performing a manipulation results in os command injection. This vulnerability is identified as CVE-2026-22179. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in OpenClaw up to 2026.2.21. It has been declared as problematic. The impacted element is an unknown function of the component BlueBubbles Plugin. Executing a manipulation can lead to incorrect authorization. This vulnerability is registered as CVE-2026-22170. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenClaw up to 2026.2.21. It has been rated as critical. This affects an unknown function of the file /json/version of the component Authentication Token Handler. The manipulation leads to missing authentication. This vulnerability is documented as CVE-2026-22174. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability described as problematic has been identified in Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0. Impacted is an unknown function of the file includes/RecentChanges/EnhancedChangesList.Php. Executing a manipulation can lead to information disclosure. This vulnerability is registered as CVE-2025-61646. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in GNOME libsoup. Affected is an unknown function of the component Header Parser. Such manipulation of the argument Content-Disposition leads to crlf injection. This vulnerability is uniquely identified as CVE-2026-1536. The attack can be launched remotely. No exploit exists.

A vulnerability identified as problematic has been detected in GNOME libsoup. Affected by this vulnerability is an unknown functionality of the component HTTP Redirect Handler. Performing a manipulation results in insertion of sensitive information into sent data. This vulnerability was named CVE-2026-1539. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0. The affected element is an unknown function of the file includes/recentchanges/RecentChangeRCFeedNotifier.Php. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-61643. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Wikimedia MediaWiki up to 1.39.13/1.43.3/1.44.0. It has been declared as problematic. Impacted is an unknown function of the file includes/htmlform/CodexHTMLForm.Php. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-61642. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.