CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-27384

CVE-2026-27384 affects BoldGrid W3 Total Cache (WordPress plugin) up to version 2.9.1. The vulnerability arises from improper validation of a specified quantity in input, allowing access to functionality not properly constrained by ACLs, which can enable unauthenticated Arbitrary Code Execution (...

CVE-2026-27384 WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability

Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through = 2.9.1...

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

EUVD-2026-9522

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

EUVD-2026-9521

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

CVE-2026-26033

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

CVE-2026-26034

The CVE concerns UPS Multi-UPS Management Console (MUMC) v01.06.0001 (A03). The issue is an Incorrect Default Permissions (CWE-276) that enables arbitrary code execution with SYSTEM privileges by loading a specially crafted DLL. According to the provided metrics, it is a Local attack with LOW att...

GHSA-928R-FM4V-MVRW TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

PT-2026-23441

Name of the Vulnerable Software and Affected Versions Backstage versions prior to 1.14.3 Description Backstage, an open framework for building developer portals, contains a configuration bypass that can lead to arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlis...

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

KLA90912 ACE vulnerability in Microsoft Device

A remote code execution vulnerability was found in Microsoft Devices Pricing Program. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21536 Exploitation CVE list CVE-2026-21536 critical Solution Install necessary updates from the KB section,...

Ghost 注入漏洞

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 0.7.2 to 6.19.0 have a vulnerability related to injections. This vulnerability arises due to specially crafted malicious themes that may execute arbitrary code on the server...

D-Link DIR-513 安全漏洞

The D-Link DIR-513 is a wireless router product from D-Link Corporation. The D-Link DIR-513 v1.10 version has a security vulnerability. This vulnerability stems from a stack buffer overflow in the curTime parameter of the goform/formSetMACFilter function, which may allow for the execution of...

Apple Multiple Products Integer Overflow or Wraparound Vulnerability

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution...

Avira Internet Security 安全漏洞

Avira Internet Security is a network security software developed by the German company Avira. Avira Internet Security has a security vulnerability, which stems from the System Speedup component deserializing unreliable data. This could allow local attackers to execute arbitrary code with SYSTEM...

Important: postgresql16

Issue Overview: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before...

Important: postgresql15

Issue Overview: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before...