Exploit for CVE-2026-3395

CVE‑2026‑3395 — MaxSite CMS Unauthenticated Remote Code Execut...

CVE-2026-28557 wpForo Forum < 2.4.16 Privilege Escalation via Role Synchronization Handler

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVE-2026-28554 wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

CVE-2026-28554 wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforoapproveajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation...

PT-2026-22478

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description An issue exists in wpForo Forum that allows authenticated users to perform bulk wpForo usergroup reassignment. This is possible due to a missing capability check in the wpforo synch roles AJAX handler. A...

PT-2026-22475

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a flaw due to missing authorization checks. An authenticated subscriber can approve or unapprove any forum post by exploiting the wpforo approve ajax AJAX handler. The check relies...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

WordPress plugin TP2WP Importer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

EUVD-2026-8631

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

CVE-2026-1929

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

Progress Telerik UI 安全特征问题漏洞

Progress Telerik UI is a UI control suite for application development developed by the American company Progress. Versions of Progress Telerik UI for AJAX prior to version 2026.1.225 contained security feature vulnerabilities, which were caused by insufficient entropy in the RadAsyncUpload...

WordPress plugin Aruba HiSpeed Cache 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-68846

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...

PCI: endpoint: Avoid creating sub-groups asynchronously

...

CVE-2025-68846

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...

CVE-2025-68846

CVE-2025-68846 is a Reflected XSS affecting WordPress plugin Asynchronous Javascript (versions 1.3.5 (or later as released). Technical details are supported by connected Red Hat, NVD, CVE, and PatchStack entries indicating an XSS vulnerability in this plugin and the stated affected range; no exp...

CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...

CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...

CVE-2026-21627

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s comajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...