CVE-2026-36239

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

EUVD-2026-32033

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

CVE-2026-36239

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

CVE-2026-36239

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

CVE-2026-36239

CVE-2026-36239 involves PbootCMS where a code injection flaw exists in the site configuration handling. The connected exploit report specifically describes an authenticated RCE in PbootCMS v3.2.12 backend via the sitecopyright footer field, caused by insecure deserialization and output handling i...

PbootCMS 安全漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Version PbootCMS 3.2.11 contains a security vulnerability, which stems from code injection in the site configuration function...

CVE-2026-36239

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

PT-2026-43395

Name of the Vulnerable Software and Affected Versions PbootCMS version 3.2.11 Description Code injection is possible within the site configuration functionality. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

CVE-2026-36239

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality...

Astra Linux - уязвимость в python-django

In Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1, directory traversal is allowed if the filenames are passed to it directly...

CVE-2026-42880 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...

EUVD-2026-26726

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

PT-2026-36558

Name of the Vulnerable Software and Affected Versions Argo CD versions 3.2.0 through 3.2.10 Argo CD versions 3.3.0 through 3.3.8 Description The 'ServerSideDiff' endpoint allows the disclosure of cleartext Kubernetes Secret data. This occurs when the IncludeMutationWebhook variable is set to true...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000161)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000161 advisory. Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. Tenable...

WordPress plugin Strong Testimonials Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2024-32100

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11...

CVE-2024-31113

Cross-Site Request Forgery CSRF vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11...

WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability

Limited .txt Path Traversal vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Advanced Database Cleaner PRO versions = 3.2.10...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...