47 matches found

Vulnrichment
added 2026/04/30 9:45 p.m., 1 view

CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

6.4 CVSS, 5.9 AI score, 0.00043 EPSS
Exploits: 0, References: 1

Japan Vulnerability Notes
added 2026/04/17 5:54 a.m., 0 views

OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries

Overview The UPS Uninterruptible Power Supply management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries due to an issue with uncontrolled search path element CWE-427, CVE-2026-5397. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of...

7.8 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 5

CVE
added 2026/03/26 6:54 a.m., 7 views

CVE-2026-28760

The vulnerability CVE-2026-28760 affects RATOC RAID Monitoring Manager for Windows. The installer loads DLLs by searching the current directory, enabling a user-directed crafted DLL to be loaded during installation, which may allow arbitrary code execution with administrator privileges. The issue...

8.4 CVSS, 7.3 AI score, 0.00007 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/03/16 12:0 a.m., 4 views

Tecnick TCExam Code Injection Vulnerability

Tecnick TCExam is a web-based open-source electronic examination system developed by the British company Tecnick. This system is primarily used for online examinations. Version 16.5.0 of Tecnick TCExam contains a code injection vulnerability. This vulnerability stems from incorrect handling of a...

4.8 CVSS, 5.7 AI score, 0.00013 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/03/16 12:0 a.m., 2 views

Tecnick TCExam Code Injection Vulnerability

Tecnick TCExam is a web-based open-source electronic examination system developed by the British company Tecnick. This system is primarily used for online examinations. Versions of Tecnick TCExam prior to 16.6.0 contained a code injection vulnerability. This vulnerability stemmed from improper...

4.8 CVSS, 5.7 AI score, 0.00038 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/02/20 8:13 a.m., 2 views

CVE-2026-26050

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

8.4 CVSS, 5.8 AI score, 0.00007 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/02/19 7:28 a.m., 5 views

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2 CVSS, 6.2 AI score, 0.00024 EPSS
Exploits: 0, References: 1

NCSC
added 2026/02/11 11:34 a.m., 7 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS Versions 7.0 to 7.6.4, 7.4.0 to 7.4.9, and 7.2.0 to 7.2.11. The vulnerabilities include an Authentication Bypass that allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on specific configuratio...

8.1 CVSS, 5.8 AI score, 0.00077 EPSS
Exploits: 2, References: 4

CVE
added 2026/02/10 9:58 a.m., 5 views

CVE-2026-25655

CVE-2026-25655 affects SINEC NMS prior to 4.0 SP2. The issue is an improper modification of a configuration file by a low-privileged user, which can be exploited to load malicious DLLs and potentially achieve arbitrary code execution with administrative privileges. From the provided data, attack ...

8.5 CVSS, 6.2 AI score, 0.00011 EPSS
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/01/27 9:23 p.m., 3 views

CVE-2025-71178

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...

7.1 CVSS, 6.3 AI score, 0.0001 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/22 5:34 p.m., 4 views

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

8.5 CVSS, 6 AI score, 0.00136 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2026/01/21 5:29 p.m., 1 view

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

8.5 CVSS, 5.9 AI score, 0.00136 EPSS
Exploits: 1, References: 5, Affected Software: 1

CNNVD
added 2026/01/21 12:0 a.m., 3 views

GetSimple Content Management System Cross-Site Request Forgery Vulnerability

GetSimple Content Management System is an open-source content management system developed by GetSimpleCMS. The GetSimple Content Management System has a cross-site request forgery vulnerability, which stems from the existence of cross-site request forgery attacks. This vulnerability may allow...

8.5 CVSS, 5.9 AI score, 0.00136 EPSS
Exploits: 1, References: 7

GithubExploit
added 2025/12/25 9:38 a.m., 210 views

Exploit for Cross-site Scripting in Mainwp Mainwp_Dashboard

CVE-2016-15041 Testing Environment & Walkthrough Table of...

7.2 CVSS, 7.2 AI score, 0.03874 EPSS
Exploits: 3

Cvelist
added 2025/12/12 6:53 a.m., 21 views

CVE-2025-67737 AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...

3.1 CVSS, 0.00047 EPSS
Exploits: 1, References: 2

CVE
added 2025/12/12 6:53 a.m., 8 views

CVE-2025-67737

CVE-2025-67737 affects AzuraCast versions 0.23.1, where an API endpoint intended for internal use by sftpgo was exposed in the public HTTP API (at /api/internal/sftp-event). A user with valid SFTP credentials and knowledge of the station’s internal filesystem can craft a tailored HTTP request to ...

3.7 CVSS, 6.1 AI score, 0.00047 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2025/12/11 10:15 p.m., 1 view

CVE-2024-58303

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

8.6 CVSS, 0.00024 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/11/18 12:0 a.m., 2 views

PT-2025-47269

Name of the Vulnerable Software and Affected Versions Serv-U versions prior to 15.5.3 Description A Path Restriction Bypass exists in Serv-U that allows a malicious actor with administrative privileges to execute code on a directory. This requires administrative privileges to exploit. On Windows...

9.1 CVSS, 7.4 AI score, 0.001 EPSS
Exploits: 0, References: 18

NVD
added 2025/11/06 8:15 p.m., 1 view

CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3 CVSS, 0.00374 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-30242

Malicious code in bioql PyPI...

8 CVSS, 6.3 AI score, 0.00076 EPSS
Exploits: 0, References: 10