CVE-2026-6670

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

CVE-2026-6670

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

EUVD-2026-30256

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

CVE-2026-6670 Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

CVE-2026-6670 Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

CVE-2026-6670

The Media Sync plugin for WordPress (versions up to 1.4.9) is vulnerable to Path Traversal via the sub_dir and media_items parameters. Due to insufficient validation of user-supplied file paths, attackers with Author-level access or higher can act on files outside the intended uploads directory. ...

Exploit for CVE-2026-42945

NGINX Rift Configuration Scanner Language: Chinese | English...

Updated perl-XML-LibXML packages fix security vulnerability

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. CVE-2026-8177...

Updated redis packages fix security vulnerabilities

CVE-2026-23479 Use-After-Free in unblock client flow may lead to Remote Code Execution. CVE-2026-25243 Invalid memory access in RESTORE may lead to Remote Code Execution CVE-2026-23631 Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injectin...

MGASA-2026-0134 Updated redis packages fix security vulnerabilities

CVE-2026-23479 Use-After-Free in unblock client flow may lead to Remote Code Execution. CVE-2026-25243 Invalid memory access in RESTORE may lead to Remote Code Execution CVE-2026-23631 Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injectin...

MGASA-2026-0137 Updated perl-XML-LibXML packages fix security vulnerability

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. CVE-2026-8177...

CVE-2026-41465

ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal...

CVE-2026-41463

ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences...

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (May 2026)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data...

MetaBackdoor: Exploiting Positional Encoding As a Backdoor Attack Surface in LLMs

Backdoor attacks pose a serious security threat to large language models LLMs, which are increasingly deployed as general-purpose assistants in safety- and privacy-critical applications. Existing LLM backdoors rely primarily on content-based triggers, requiring explicit modification of the input...

PT-2026-40959

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Controller versions prior to 20.12.6.2 Cisco Catalyst SD-WAN Manager versions prior to 20.12.6.2 Description A flaw in the peering authentication mechanism of the control connection handshaking allows an unauthenticated...

Unity Linux 20.1070a Security Update: git (UTSA-2026-021309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021309 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...

PT-2026-40893

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub dir' and 'media items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted...

Unity Linux 20.1070a Security Update: git (UTSA-2026-021356)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021356 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process...

CVE-2026-44437

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...