
67 matches found

RedhatCVE
added 2026/03/26 5:4 p.m., 4 views

CVE-2026-25026

Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.11...

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1
EUVD
added 2026/03/25 6:31 p.m., 2 views

EUVD-2026-15623

Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.11...

AI score 5.8, EPSS 0.00047
Exploits: 0, References: 2
CVE
added 2026/03/25 4:14 p.m., 2 views

CVE-2026-25026

CVE-2026-25026 affects the WordPress Plugin Team (RadiusTheme Team tlp-team) with versions n/a through 5.0.11, described as a Missing Authorization / Broken Access Control vulnerability. The underlying issue is improper access-control configuration that could allow exploitation without privileges...

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1
Positive Technologies
added 2026/03/25 12:0 a.m., 3 views

PT-2026-27887

Name of the Vulnerable Software and Affected Versions: RadiusTheme Team versions n/a through 5.0.11. Description: A missing authorization issue exists in RadiusTheme Team tlp-team. This allows exploitation of incorrectly configured access control security levels. Recommendations: Update RadiusTheme...

CVSS 7.5, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 3
CNNVD
added 2026/03/25 12:0 a.m., 3 views

WordPress plugin Team security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVSS 7.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1
vulnersOsv
added 2026/03/10 10:38 p.m., 2 views

@vevedh/bke-dsi-cacem (>=2.0.4 <=4.0.1), bke-dsi-cacem (>=0.0.1 <=2.0.4) potentially affected by CVE-2026-29793 via @feathersjs/mongodb (>=5.0.11 <=5.0.12)

@feathersjs/mongodb NPM version =5.0.11, =2.0.4, =0.0.1, =2.0.4 Source cves: CVE-2026-29793 Source advisory: SNYK:JS-FEATHERSJSMONGODB-15456216...

CVSS 9.8, AI score 5.8, EPSS 0.00024
Exploits: 0
Cvelist
added 2026/03/07 7:22 a.m., 28 views

CVE-2026-2433 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...

CVSS 6.1, EPSS 0.00071
Exploits: 0, References: 6
Tenable Nessus
added 2026/01/07 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000373)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000373 advisory. An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because the...

CVSS 5.5, AI score 6.5, EPSS 0.00071
Exploits: 1, References: 4
Patchstack
added 2026/01/05 7:5 a.m., 13 views

WordPress Team plugin < 5.0.11 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Team versions < 5.0.11...

CVSS 8.6, AI score 6.7, EPSS 0.06301
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2026/01/05 6:0 a.m., 19 views

CVE-2025-14124

CVE-2025-14124 affects WordPress Team Plugin versions prior to 5.0.11. An unauthenticated attacker can trigger a SQL injection via an AJAX action due to insufficient sanitization/escaping of a parameter used in a SQL statement. The associated exploit/example on GitHub demonstrates an unauthentica...

CVSS 8.6, AI score 7.2, EPSS 0.06301
Exploits: 1, References: 1
Cvelist
added 2026/01/05 6:0 a.m., 29 views

CVE-2025-14124 Team < 5.0.11 - Unauthenticated SQLi

The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

EPSS 0.06301
Exploits: 1, References: 1
Positive Technologies
added 2026/01/05 12:0 a.m., 8 views

PT-2026-1214

Name of the Vulnerable Software and Affected Versions: The Team WordPress plugin versions prior to 5.0.11. Description: The Team WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. This allows unauthenticated users to potentially...

CVSS 8.6, AI score 7.9, EPSS 0.06301
Exploits: 1, References: 11
Patchstack
added 2025/10/13 12:0 a.m., 3 views

WordPress Newsup Theme <= 5.0.10 is vulnerable to Broken Access Control

Software: Newsup. Type: Theme. Vulnerable versions: <= 5.0.10. Fixed in: 5.0.11. OWASP Top 10: A5: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2025-8682. Patch priority: Low. CVSS severity: Low (4.3). PSID: 9037492b67e8. Credits: Dmitrii Ignatyev. Required privilege...

CVSS 4.3, AI score 5.8, EPSS 0.00102
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-5703

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.0024
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-2232

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01233
Exploits: 1, References: 9
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-5704

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.0024
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 6:39 a.m., 4 views

CVE-2017-14195

The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...

CVSS 6.1, AI score 6.1, EPSS 0.0024
Exploits: 0, References: 1
OSV
added 2024/10/18 6:15 a.m., 11 views

CVE-2024-47793

Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user...

CVSS 5.4, AI score 6.1
Exploits: 0, References: 3
Patchstack
added 2024/10/08 3:0 a.m., 3 views

WordPress LatePoint plugin <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection vulnerability

Unauthenticated Arbitrary User Password Change via SQL Injection vulnerability discovered by István Márton in WordPress Plugin LatePoint versions <= 5.0.11...

CVSS 9.8, AI score 8.1, EPSS 0.30924
Exploits: 0, References: 1, Affected Software: 1
VulnCheck KEV
added 2024/10/08 12:0 a.m., 0 views

VulnCheck KEV: CVE-2024-8911

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 9.8, AI score 5.9, EPSS 0.30924
Exploits: 0, References: 1