CVE-2026-7289

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2026-7289 D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

Security Bulletin: runc File Descriptor Leak Leads to Container Escape Vulnerability (Fixed in 1.1.12), affects watsonx.data

Summary runc ≤ 1.1.11 contains a file descriptor leak vulnerability that can allow container processes to access the host filesystem, leading to potential container escape and host compromise. Fixed in version 1.1.12. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-21626...

Security Bulletin: Vulnerability in form-data might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by a vulnerability in form-data. Vulnerabilities include the use of insufficiently random values allowing HTTP Parameter Pollution HPP. More details are described by the CVEs in the "Vulnerability Details" section...

com.github.searls:jasmine-maven-plugin (>=3.0-alpha-01 <=3.0-beta-02), org.webjars.npm:accord (>=0.28.0 <=0.29.0) +177 more potentially affected by CVE-2026-33750 via org.webjars.npm:brace-expansion (=1.1.12)

org.webjars.npm:brace-expansion MAVEN version =1.1.12 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:brace-expansion and may be impacted: - com.github.searls:jasmine-maven-plugin =3.0-alpha-01, =0.28.0, =2.15.2, =12.1.0, =1.3.0, =0.3.0...

CVE-2026-22504

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through = 1.1.12...

EUVD-2026-15512

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through = 1.1.12...

CVE-2026-22504 WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through = 1.1.12...

CVE-2026-22504

CVE-2026-22504 concerns the WordPress theme ProLingua by ThemeREX, affected

WordPress plugin ProLingua 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability

WordPress Ricerca - advanced search plugin = 1.1.12 - Authenticated Administrator+ Stored Cross-Site Scripting via Plugin's Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Ricerca – advanced search versions = 1.1.12...

CVE-2026-2837 Ricerca – advanced search <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

PT-2026-26844

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

EUVD-2026-11406

Winter vulnerable to privilege escalation by authenticated backend users...

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

PT-2026-24850

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

CVE-2026-28024

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Helion helion allows PHP Local File Inclusion.This issue affects Helion: from n/a through = 1.1.12...

CVE-2026-28017

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Green Thumb greenthumb allows PHP Local File Inclusion.This issue affects Green Thumb: from n/a through = 1.1.12...

WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme ProLingua versions = 1.1.12...