Hikvision IP ping.php - Command Execution

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

EUVD-2026-33933

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

CVE-2026-49782

CVE-2026-49782 concerns the WordPress Elementor Website Builder plugin (

CVE-2026-49782 WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

PT-2026-44081

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

CVE-2026-49009

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...

CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

DEBIAN-CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

WordPress Advanced Database Cleaner – Premium plugin <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion vulnerability

Authenticated Subscriber+ Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Advanced Database Cleaner – Premium versions = 4.1.0...

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

PT-2026-42104

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

alvin-cli (>=0.0.1a0 <=1.3.0rc1), apache-airflow-providers-fastetl (>=0.0.36 <=0.0.39) +87 more potentially affected by CVE-2026-46374 via sqlfluff (>=0.11.2 <=4.1.0)

sqlfluff PYPI version =0.11.2, =0.0.1a0, =0.0.36, =0.3.8, =1.1.5, =0.1.5, =0.1.2, =0.1.0, =0.1.2, =0.0.0, =0.2.0, =0.0.1, =0.1.0, =0.5.9 and more Source cves: CVE-2026-46374 Source advisory: OSV:GHSA-73JC-5MRQ-PRW7...

Uncontrolled Recursion

Overview sqlfluffrs is a The SQL Linter for Humans Affected versions of this package are vulnerable to Uncontrolled Recursion through the ParseContext and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deepl...

Uncontrolled Recursion

Overview sqlfluff is a The SQL Linter for Humans Affected versions of this package are vulnerable to Uncontrolled Recursion through the ParseContext and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deeply...

CVE-2026-6962

The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwccogproductcost' and 'algwccogproductprofit' shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization an...