PT-2026-44087

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

PT-2026-44038

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...

WordPress plugin Smart Online Order for Clover 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Synology DiskStation Manager（DSM） 代码问题漏洞

Synology DiskStation Manager DSM is an operating system developed by Synology Inc. It is used for managing data, files, photos, music, and other information on network storage servers. Versions of DSM prior to 7.2.2.6-72806-5 and 7.3.1.8-86003-1 contained code vulnerabilities. These vulnerabiliti...

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

OpenLearnX 数据伪造问题漏洞

OpenLearnX is a decentralized adaptive learning and evaluation platform developed by th30d4y. Versions of OpenLearnX prior to 2.0.4 had a data manipulation vulnerability, which stemmed from a critical authentication flaw. This vulnerability could allow unauthorized access to user accounts under...

PT-2026-43983

Name of the Vulnerable Software and Affected Versions IBM Operations Analytics - Log Analysis affected versions not specified IBM SmartCloud Analytics - Log Analysis affected versions not specified Description These products use default passwords from the manufacturing process during the...

PT-2026-44113

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7 Description In the src/tmux.c file, the software reads the $TMUX environment variable, splits it by commas, and interpolates the socket-path component directly into a shell command executed via the popen functio...

PT-2026-44088

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny remote=false in pam usb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAM RHO...

IBM Operations Analytics - Log Analysis 安全漏洞

IBM Operations Analytics - Log Analysis is a log analysis software developed by the American multinational company International Business Machines IBM. There is a security vulnerability in IBM Operations Analytics - Log Analysis, which stems from the use of default passwords during the...

PT-2026-43701

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

PT-2026-44111

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7 Description pam usb provides hardware authentication for Linux using ordinary removable media. Symlink attacks on the pad directory and pad files allow for authentication bypass and corruption of root files...

CVE-2025-68712

SpSoft AppLock com.sp.protector.free 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce...

PT-2026-43975

Name of the Vulnerable Software and Affected Versions IBM Controller versions 11.0.1 through 11.1.2 Description IBM Controller contains hard-coded credentials, such as passwords or cryptographic keys. These credentials are used for inbound authentication, outbound communication to external...

PT-2026-44151

Name of the Vulnerable Software and Affected Versions asyncssh versions 2.22.0 through 2.23.0 Description An issue exists during pre-authentication server configuration reload where the %u token in the AuthorizedKeysFile setting is expanded using the raw SSH username without rejecting path...

WordPress plugin Disable Comments for Any Post Types (Remove comments) 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-43658

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

IBM Controller 信任管理问题漏洞

IBM Controller is a web-based financial consolidation tool developed by the American multinational company International Business Machines IBM. Versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 of IBM Controller contain vulnerabilities related to trust management. These vulnerabilities stem from the us...

Gitlab -- vulnerabilities

Gitlab reports: Improper Access Control issue in Duo AI workflow runners impacts GitLab EE Denial of Service issue in Wiki impacts GitLab CE/EE Incorrect Authorization issue in GraphQL WorkItem API impacts GitLab CE/EE Improper Authorization issue in Duo Workflows API impacts GitLab EE Missing...

PT-2026-43532

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipv save changes function. This makes it possible for unauthenticated attackers t...