24 matches found
CVE-2026-8063
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...
PT-2026-38343
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.2.7. Description: An authenticated user can cause a denial of service by crashing the mongod process. This occurs when running $rankFusion or $scoreFusion with an empty pipeline on a view. During view resolutio...
CVE-2026-32573
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.7...
CVE-2026-32573
CVE-2026-32573 is an RCE vulnerability in the WordPress Nelio AB Testing plugin, affecting Nelio AB Testing versions up to and including 8.2.7. The issue is described as Improper Control of Generation of Code (Code Injection) that can lead to remote code execution. Multiple connected sources (NVD...
PT-2026-28062
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.7...
CVE-2025-60201
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion. This issue affects WP Customer Area: from n/a through <= 8.3.5...
EUVD-2025-38114
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion. This issue affects WP Customer Area: from n/a through <= 8.2.7...
CVE-2025-60201
CVE-2025-60201 concerns an improper control of filenames for include/require in the WordPress plugin WP Customer Area (customer-area). The plugin is reported as affected up to version 8.2.7, with sources also noting a vulnerability path described as Local File Inclusion (...
WordPress plugin WP Customer Area security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2023-12263
Malicious code in bioql PyPI...
Security update for qemu
This update for qemu fixes the following issues. Bugfixes and CVEs: hw/usb/hcd-ohci: Fix 1510, 303: pid not IN or OUT (bsc1230834, CVE-2024-8354); softmmu: Support concurrent bounce buffers (bsc1230915, CVE-2024-8612); system/physmem: Per-AddressSpace bounce buffering (bsc1230915, CVE-2024-8612)...
PHP 8.2.x < 8.2.7
The version of PHP installed on the remote host is prior to 8.2.7. It is, therefore, affected by a vulnerability as referenced in the Version 8.2.7 advisory. - In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value...
Fedora 38 : php (2023-2455981016)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2455981016 advisory. PHP version 8.2.7 08 Jun 2023 Core: Fixed bug GH-11152 Unable to alias namespaces containing reserved class names. ilutov Fixed bug GH-9068 Conditional jump ...
PHP < 8.0.29, 8.1.x < 8.1.20, 8.2.x < 8.2.7 Security Update - Windows
PHP is prone to a missing error check and insufficient random bytes in HTTP Digest authentication for SOAP vulnerability.
CVE-2023-25708
Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions...
WordPress WP VR Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP VR; Type: Plugin; Vulnerable versions: <= 8.2.7; Fixed in: 8.2.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25708; Patch priority: Low; CVSS severity: Low (4.3); Developer: WPFunnels Team; PSID: e8f1ea3c4e52; Credits: Abdi Pranata; Required privileg...
WordPress plugin WP VR cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WP VR Plugin < 8.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: WP VR; Type: Plugin; Vulnerable versions: < 8.2.7; Fixed in: 8.2.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0174; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: WPFunnels Team; PSID: 8cc58a857921; Credits: Lana Codes; Required privilege...
Sitecore XP 7.5.0 <= 8.2.7 Remote Code Execution
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.