CVE-2026-45543

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

CVE-2026-2306

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the createFluentCartTable function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with...

CVE-2026-2306 Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the createFluentCartTable function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with...

WordPress plugin Ninja Tables – Easy Data Table Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-32533

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

EUVD-2026-15905

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

CVE-2026-32533

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

CVE-2026-32533 WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

CVE-2026-32533

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

CVE-2026-1537

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions = 5.2.6...

django: Django SQL injection in FilteredRelation column aliases

An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

EUVD-2008-2660

Malware in sbrugna...

EUVD-2025-12427

Malicious code in bioql PyPI...

CVE-2025-52855

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-47213

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

OPENSUSE-SU-2025:15527-1 python311-Django-5.2.6-1.1 on GA media

These are all security issues fixed in the python311-Django-5.2.6-1.1 package on the GA media of openSUSE Tumbleweed...

WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WP Flow Plus versions = 5.2.5...

Django SQL注入漏洞

Django is a set of open source web application framework based on Python language from Django Foundation. The framework includes an object-oriented mapper, a view system, a template system, and more. An SQL injection vulnerability exists in Django versions prior to 4.2.24, prior to 5.1.12, and...