PT-2026-32669

Name of the Vulnerable Software and Affected Versions Fortinet FortiAnalyzer Cloud versions 7.6.2 through 7.6.4 FortiManager Cloud versions 7.6.2 through 7.6.4 Description A heap-based buffer overflow allows a remote unauthenticated attacker to execute arbitrary code or commands by sending...

EUVD-2026-9733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

CVE-2026-28075 WordPress Porto theme <= 7.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

PT-2026-23353

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

PT-2026-1420

Name of the Vulnerable Software and Affected Versions GamiPress – Gamification plugin for WordPress versions prior to 7.6.2 Description The GamiPress – Gamification plugin for WordPress is susceptible to unauthorized data access. A missing capability check in the gamipress ajax get posts and...

WordPress GamiPress plugin <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by kr0d in WordPress Plugin GamiPress versions = 7.6.1...

CVE-2025-54973

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

EUVD-2017-8036

Malware in sbrugna...

EUVD-2025-10300

Malicious code in bioql PyPI...

EUVD-2024-1992

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-35947

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did...

DEBIAN-CVE-2025-30346

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests...

CVE-2025-24649 WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 7.6.2...

FortiWeb vulnerable to SQL injection

Overview FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability CWE-89, CVE-2024-55593. Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

WordPress Themify Builder plugin <= 7.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Themify Builder versions = 7.6.2...

WordPress Themify Builder Plugin <= 7.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Themify Builder Type Plugin Vulnerable versions = 7.6.2 Fixed in 7.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9385 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ab445f01cba Credits Colin Xu Required...

CVE-2024-9385

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

WordPress plugin Themify Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-39610 · WordPress · Themify Builder

Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows unauthenticated...

CVE-2024-25673

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection...