
87 matches found

Patchstack
added 2026/05/25 7:24 p.m., 5 views

WordPress GamiPress plugin <= 7.6.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by bosz in WordPress Plugin GamiPress versions <= 7.6.3...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00037
Exploits: 0, Affected Software: 1

Positive Technologies
added 2026/05/25 12:00 a.m., 8 views

PT-2026-43104

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00037
Exploits: 0, References: 1

EUVD
added 2026/03/25 6:31 p.m., 1 view

EUVD-2026-15748

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through <= 7.6.3...

AI score: 5.8, EPSS: 0.00172
Exploits: 0, References: 2

NVD
added 2026/03/25 5:16 p.m., 3 views

CVE-2026-25464

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through <= 7.6.4...

CVSS: 8.1, EPSS: 0.00172
Exploits: 0, References: 1

CVE
added 2026/03/25 4:14 p.m., 4 views

CVE-2026-25464

CVE-2026-25464 affects the WordPress plugin Jannah (Jannah – Newspaper Magazine News BuddyPress AMP). The Wordfence and NVD entries describe an "Improper Control of Filename for Include/Require Statement" vulnerability that enables PHP Local File Inclusion via manipulated include/require targets....

CVSS: 8.1, AI score: 5.8, EPSS: 0.00172
Exploits: 0, References: 1

Vulnrichment
added 2026/03/25 4:14 p.m., 3 views

CVE-2026-25464 WordPress Jannah theme <= 7.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through <= 7.6.4...

CVSS: 8.1, AI score: 5.3, EPSS: 0.00172
Exploits: 0, References: 1

Cvelist
added 2025/12/09 5:18 p.m., 16 views

CVE-2025-64153

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

CVSS: 7.2, EPSS: 0.00102
Exploits: 0, References: 1

RedhatCVE
added 2025/11/20 9:36 p.m., 2 views

CVE-2025-58412

An improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL...

CVSS: 6.1, AI score: 7.4, EPSS: 0.00027
Exploits: 0, References: 1

CNNVD
added 2025/11/19 12:00 a.m., 1 view

Fortinet FortiADC security vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in Fortinet FortiADC that originates from improperly neutralized HTML tags and could lead to a cross-site scripting attack. The following versions are affected: version 8.0.0, versions 7.6....

CVSS: 6.1, AI score: 5.9, EPSS: 0.00027
Exploits: 0, References: 2

CNNVD
added 2025/11/18 12:00 a.m., 4 views

Fortinet FortiOS security vulnerability

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00008
Exploits: 0, References: 3

Positive Technologies
added 2025/11/18 12:00 a.m., 2 views

PT-2025-47362

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 6.0 through 7.6.3 FortiSASE version 25.3.b Description A stack-based buffer overflow exists in Fortinet FortiOS and FortiSASE. This issue may allow remote code execution by attackers. The vulnerability is triggered by...

CVSS: 7.5, AI score: 8.2, EPSS: 0.00003
Exploits: 0, References: 5

CNNVD
added 2025/11/18 12:00 a.m., 2 views

Fortinet FortiMail injection vulnerability

Fortinet FortiMail is a suite of e-mail security gateway products from the U.S. company Fortinet. The product provides email security and data protection features. An injection vulnerability exists in Fortinet FortiMail that stems from improper CRLF sequence neutralization, which could resul...

CVSS: 4.3, AI score: 7.1, EPSS: 0.00027
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/21 12:00 a.m., 5 views

Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability

Fortra GoAnywhere MFT is a Managed File Transfer (MFT) solution helping organizations build both internal and external data transfer exchanges. GoAnywhere MFT versions before 7.8.4 and before 7.6.3 suffer from a deserialization vulnerability. By crafting a specific payload, a remote and...

CVSS: 10, AI score: 8.3, EPSS: 0.64997
Exploits: 2, References: 3

RedhatCVE
added 2025/10/15 3:47 p.m., 2 views

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

CVSS: 6.5, AI score: 7, EPSS: 0.00089
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-24471

Malicious code in bioql PyPI...

CVSS: 8.1, AI score: 6.6, EPSS: 0.22775
Exploits: 4, References: 1

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-50532

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 7.2, EPSS: 0.00065
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/19 12:00 a.m., 7 views

Fortra GoAnywhere Managed File Transfer (MFT) < 7.6.3 / 7.7.x < 7.8.4 Deserialization (CVE-2025-10035)

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is prior to 7.6.3 or 7.7.x prior to 7.8.4. It is, therefore, affected by a deserialization vulnerability: - A deserialization vulnerability in the License Servlet o...

CVSS: 10, AI score: 6.4, EPSS: 0.64997
Exploits: 2, References: 2

RedhatCVE
added 2025/08/14 7:29 p.m., 2 views

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVSS: 6.7, AI score: 7.8, EPSS: 0.00046
Exploits: 0, References: 1

RedhatCVE
added 2025/08/14 7:29 p.m., 1 view

CVE-2025-47857

An improper neutralization of special elements used in an os command 'os command injection' vulnerability CWE-78 in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands...

CVSS: 6.7, AI score: 8.1, EPSS: 0.0005
Exploits: 0, References: 1

NVD
added 2025/08/12 7:15 p.m., 1 view

CVE-2025-47857

An improper neutralization of special elements used in an os command 'os command injection' vulnerability CWE-78 in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands...

CVSS: 6.7, EPSS: 0.0005
Exploits: 0, References: 1