Prodigy Commerce <= 3.3.0 - Local File Inclusion
Prodigy Commerce WordPress plugin <= 3.2.9 contains a local file inclusion caused by improper sanitization of the 'parameterstemplatename' parameter, letting unauthenticated attackers include and execute arbitrary files remotely. id: CVE-2026-0926 info: name: Prodigy Commerce <= 3.3.0 - Local File...
Prodigy Commerce 3.3.0 - Local File Inclusion
Exploit Title: Prodigy Commerce 3.3.0 - Local File Inclusion Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://prodigycommerce.com/ Software Link: https://wordpress.org/plugins/prodigy-commerce/ Version: 3.2.9 Tested on: Debian CVE : CVE-2026-0926 Description: Prodigy Commerce...
WordPress Prodigy Commerce 3.2.9 Local File Inclusion
WordPress Prodigy Commerce plugin versions 3.2.9 and below suffer from a local file inclusion vulnerability. Exploit Title: Prodigy Commerce 3.3.0 - Local File Inclusion Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://prodigycommerce.com/ Software Link:...
CVE-2026-0926
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-19 06:00:32+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116095767796577933 |
| 2026-02-19 06:00:34+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mf6w4wmrzl22 |
| 2026-02-19 17:06:59+00:00 | seen | ... |
EUVD-2010-1409
Malware in sbrugna...
CVE-2025-0926
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Ax...
CVE-2022-0926
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12...
Novell EDirectory EMBox Unauthenticated File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell eDirectory eMBox Unauthenticated File Access', 'Description' = %q This module will access Novell eDirectory's eMBox service and can run th...
WordPress Custom Permalinks Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Custom Permalinks; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0926; Patch priority: Low; CVSS severity: Low (5.9); PSID: 85e376d90fe6; Credits: Ram; Required privilege...
RHEL 4 : samba (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - samba: insecure wide links default CVE-2010-0926 Note that Nessus has not tested for this issue but has instead...
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0926-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0926-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
CVE-2024-0926
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-26 16:32:28+00:00 | seen | https://t.me/ctinow/174307 |
| 2024-02-02 21:16:49+00:00 | seen | https://t.me/ctinow/178277 |
| 2024-02-19 09:51:20+00:00 | seen | https://t.me/ctinow/187539 |

...
CVE-2024-0926
The CVE-2024-0926 entry concerns Tenda AC10U devices, specifically version 15.03.06.49_multi_TDE01, where the formWifiWpsOOB function is vulnerable. Root cause: manipulation of the index argument leads to a stack-based buffer overflow. Impact: remote exploitation, with potential confidentiality, ...
SUSE CVE-2010-0926
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create...
CVE-2022-0926
The CVE-2022-0926 entry concerns Microweber (microweber/microweber). A vulnerability in the file upload filter allows bypassing input validation, leading to stored XSS. Affected version range: prior to 1.2.12. The root cause is improper validation in the file upload handling, enabling injection o...
CVE-2022-0926 File upload filter bypass leading to stored XSS in microweber/microweber
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12...
CVE-2021-0926
| creationtimestamp | type | source |
|---|---|---|
| 2021-12-15 22:47:10+00:00 | seen | https://t.me/cibsecurity/34108 |

...