1060835 matches found
EulerOS Virtualization 2.12.1 : python-ply (EulerOS-SA-2026-2087)
According to the versions of the python-ply packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...
EulerOS Virtualization 2.10.0 : python-ply (EulerOS-SA-2026-2062)
According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...
EulerOS Virtualization 2.10.1 : python-ply (EulerOS-SA-2026-2035)
According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...
CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...
CVE-2026-9290
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...
CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...
CVE-2026-7654
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenti...
CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
CVE-2026-7654
The Admin Columns plugin for WordPress (up to version 7.0.18) is vulnerable to PHP Object Injection that leads to Remote Code Execution. Root cause: unserialize() used without an allowed_classes restriction in IdsToCollection::get_ids_from_string(), processing attacker-controlled post meta values...
CVE-2026-7654
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...
CVE-2026-11429
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...
MAL-2026-5273 Malicious code in anthropy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854 During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MINI-W4WH-M3CM-C3F8
Bulletin has no description...
MINI-Q86C-36PG-XJQR
Bulletin has no description...
MINI-X8Q5-8M3X-3W5J
Bulletin has no description...
MINI-38QG-7M7W-W46F
Bulletin has no description...
MINI-P3MQ-J8QV-GXH3
Bulletin has no description...
MINI-3263-WJ9H-F629
Bulletin has no description...