15,000 WordPress Sites Affected by Administrator Account Creation Vulnerability in WP Maps Pro WordPress Plugin

On March 24th, 2026, we received a submission for an Unauthenticated Administrator Account Creation vulnerability in WP Maps Pro, a WordPress plugin with more than 15,000 sales. This vulnerability makes it possible for unauthenticated attackers to create new administrator accounts on the affected...

Astra Linux - уязвимость в ffmpeg, ffmpeg5

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service DoS condition...

Kamailio 缓冲区错误漏洞

Kamailio is an open-source implementation of a SIP signaling server developed by Kamailio. Versions of Kamailio prior to 6.1.1, 6.0.6, and 5.8.8 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds access, which could lead to denial of service attacks...

Security Bulletin: Remediation of Multiple Apache Struts Vulnerabilities in IBM Library Support for Struts

Summary Multiple Apache Struts vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2025-68493 DESCRIPTION: Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache...

MingSoft MCMS 安全漏洞

MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Version 6.1.1 of MingSoft MCMS contains a security vulnerability, which stems from incorrect handling of the File parameter in the file/ms/file/uploadTemplate.do file. This vulnerability could lead...

K000160014: Apache Struts vulnerability CVE-2025-68493

Security Advisory Description Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. CVE-2025-68493 Impact...

CVE-2026-23496

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...

CVE-2026-23496

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...

Linux Distros Unpatched Vulnerability : CVE-2025-66648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user...

Apache Struts 2 is Missing XML Validation

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

GHSA-QCFC-HMRC-59X7 Apache Struts 2 is Missing XML Validation

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

CVE-2025-68493

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

Missing XML Validation

Overview org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language. Affected versions of this package are vulnerable to Missing XML Validation. An attacker can access sensitive information or cause a denial of service by...

CVE-2019-12771

Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring...

CVE-2024-2375

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

UBUNTU-CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVE-2025-66648

The CVE-2025-66648 issue affects vega-functions (Vega expression language implementation). Prior to version 6.1.1, an internal function (not part of the public API) could be abused when sites accept untrusted input, enabling unintended JavaScript execution (XSS). The vulnerability is fixed in veg...

CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

EUVD-2025-204198

Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through = 6.1.1...