462 matches found
CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...
CVE-2025-13618 Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration
The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration function. This makes it possible for unauthenticated...
CVE-2025-13618
The CVE concerns the Mentoring plugin for WordPress (versions up to 1.2.8). The vulnerability arises from insufficient access control in the mentoring_process_registration() function, which does not properly restrict which roles a user can register as. As a result, unauthenticated attackers can c...
CVE-2026-7675
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...
WordPress plugin Mentoring security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-36948
Name of the Vulnerable Software and Affected Versions: Mentoring plugin for WordPress versions prior to 1.2.9. Description: The plugin allows privilege escalation because the mentoring process registration function does not properly restrict the roles users can select during registration. This flaw...
CVE-2026-7674
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function startsingleservice of the component Web Management Interface. Executing a manipulation of the argument vpnpptpserver/vpnl2tpserver can lead to buffer overflow. The attack can be executed...
CVE-2026-7675 Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...
EUVD-2026-26809
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...
PT-2026-36673
Name of the Vulnerable Software and Affected Versions: Shenzhen Libituo Technology LBT-T300-HW1 versions prior to 1.2.8. Description: A buffer overflow exists in the Web Management Interface component. A remote attacker can trigger this issue by manipulating the vpn pptp server or vpn l2tp server...
Shenzhen Libituo Technology LBT-T300-HW1 buffer error vulnerability
Shenzhen Libituo Technology LBT-T300-HW1 is an industrial router produced by Shenzhen Libituo Technology. Versions of Shenzhen Libituo Technology LBT-T300-HW1 prior to 1.2.8 contain a buffer error vulnerability. This vulnerability stems from the function start_lan in the file /apply.cgi, which...
VulnCheck KEV: CVE-2025-69985
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...
WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Integrio Core versions 1.2.8...
CVE-2026-25438
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS. This issue affects Gutenberg Blocks: from n/a through <= 1.2.8...
CVE-2026-25438 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS. This issue affects Gutenberg Blocks: from n/a through <= 1.2.8...
CVE-2026-25438
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS. This issue affects Gutenberg Blocks: from n/a through 1.2.8...
CVE-2026-25438 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks allows Reflected XSS. This issue affects Gutenberg Blocks: from n/a through 1.2.8...
PT-2026-26273
Name of the Vulnerable Software and Affected Versions: ThemeHunk Gutenberg Blocks versions through 1.2.8. Description: A flaw exists in ThemeHunk Gutenberg Blocks that allows for Reflected Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The...
EulerOS 2.0 SP10 : docker-runc (EulerOS-SA-2026-1306)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through...