
219678 matches found

Patchstack
added 2026/05/10 5:40 a.m., 8 views

WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Evan in WordPress Plugin Salon booking system versions <= 10.30.25...

AI score: 5.8, EPSS: 0.00278
Exploits: 0, Affected Software: 1
CVE
added 2026/05/10 5:30 a.m., 13 views

CVE-2026-8233

CVE-2026-8233 concerns Dotouch XproUPF 2.0.0-release-088aa7c4 where an unknown UPF function manipulation leads to improper access controls. The description indicates a high attack complexity and requires adjacent access with low privileges and no user interaction. Impact is described as low for c...

CVSS: 4.6, AI score: 5.2, EPSS: 0.00139
Exploits: 0, References: 3
Cvelist
added 2026/05/10 5:30 a.m., 56 views

CVE-2026-8233 Dotouch XproUPF access control

A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The vendor was...

CVSS: 4.6, EPSS: 0.00139
Exploits: 0, References: 3
EUVD
added 2026/05/10 3:33 a.m., 13 views

EUVD-2026-28960

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...

CVSS: 6.9, AI score: 5.5, EPSS: 0.00502
Exploits: 1, References: 6
Vulnrichment
added 2026/05/10 3:15 a.m., 8 views

CVE-2026-8225 Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

CVSS: 6.9, AI score: 5.7, EPSS: 0.00487
Exploits: 1, References: 5
CVE
added 2026/05/10 3:15 a.m., 17 views

CVE-2026-8225

Open5GS up to version 2.7.7 is affected by CVE-2026-8225. The vulnerability resides in the function pcf_npcf_smpolicycontrol_handle_delete within src/pcf/sm-sm.c of the delete Endpoint, where a manipulation leads to a denial of service. The issue is exploitable remotely and publicly available exp...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00487
Exploits: 1, References: 5, Affected Software: 1
ATTACKERKB
added 2026/05/10 3:15 a.m., 5 views

CVE-2026-8225

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

CVSS: 6.9, AI score: 5.7, EPSS: 0.00487
Exploits: 1, References: 5
Cvelist
added 2026/05/10 3:00 a.m., 43 views

CVE-2026-8224 Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...

CVSS: 6.9, EPSS: 0.00502
Exploits: 1, References: 5
CNNVD
added 2026/05/10 12:00 a.m., 8 views

Dotouch XproUPF security vulnerability

Dotouch XproUPF is an intelligent conference tablet device from the Dotouch company, featuring integrated touch display and multimedia interaction capabilities. The Dotouch XproUPF 2.0.0-release-088aa7c4 version contains a security vulnerability. This vulnerability stems from improper access...

CVSS: 4.6, AI score: 5.7, EPSS: 0.00139
Exploits: 0, References: 1
Positive Technologies
added 2026/05/10 12:00 a.m., 8 views

PT-2026-39451

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly availabl...

CVSS: 6.9, AI score: 5.7, EPSS: 0.00487
Exploits: 1, References: 6
CNNVD
added 2026/05/10 12:00 a.m., 8 views

OpenCats access control error vulnerability

OpenCats is an open-source recruitment process management system developed by OpenCats. Version 0.9.4 of OpenCats contains a vulnerability related to access control. This vulnerability stems from a remote code execution flaw, allowing unauthenticated attackers to execute arbitrary commands by...

CVSS: 9.8, AI score: 6.7, EPSS: 0.00656
Exploits: 0, References: 1
Positive Technologies
added 2026/05/10 12:00 a.m., 10 views

PT-2026-39525

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00187
Exploits: 0, References: 4
Tenable Nessus
added 2026/05/10 12:00 a.m., 18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1715-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined...

CVSS: 9.1, AI score: 6.9, EPSS: 0.00621
Exploits: 1, References: 31
CNNVD
added 2026/05/10 12:00 a.m., 7 views

Net-CIDR-Lite security vulnerability

Net-CIDR-Lite is a Perl module for working with CIDR addresses from Stig Personal Developers. A security vulnerability exists in Net-CIDR-Lite versions prior to 0.24 that stems from not properly validating IP address and CIDR mask input, which could lead to IP ACL bypass...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00311
Exploits: 0, References: 1
Tenable Nessus
added 2026/05/10 12:00 a.m., 7 views

openSUSE 16 Security Update : php-composer2 (openSUSE-SU-2026:20670-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20670-1 advisory. - CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources...

CVSS: 8.8, AI score: 6.2, EPSS: 0.01256
Exploits: 4, References: 9
Tenable Nessus
added 2026/05/10 12:00 a.m., 10 views

SUSE SLED15 / SLES15 Security Update : jetty-minimal (SUSE-SU-2026:1751-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1751-1 advisory. - CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extension...

CVSS: 9.1, AI score: 5.9, EPSS: 0.00523
Exploits: 1, References: 7
CNNVD
added 2026/05/10 12:00 a.m., 7 views

WordPress plugin Picture Gallery cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS: 6.4, AI score: 5.6, EPSS: 0.00187
Exploits: 0, References: 1
Positive Technologies
added 2026/05/10 12:00 a.m., 8 views

PT-2026-39539

Name of the Vulnerable Software and Affected Versions: Net::CIDR::Lite versions prior to 0.24. Description: Improper validation of CIDR mask values allows extraneous zero characters to be processed. Mask forms such as "/00" and "/01" pass validation and are parsed as the same prefix as their unpadde...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00311
Exploits: 0, References: 26
CNNVD
added 2026/05/10 12:00 a.m., 6 views

Net-CIDR-Lite security vulnerability

Net-CIDR-Lite is a Perl module for handling CIDR addresses from the individual developers at Stig. A security vulnerability exists in Net-CIDR-Lite versions prior to 0.24 that stems from not properly handling extra zero characters in CIDR mask values, which could lead to IP ACL bypass...

CVSS: 6.5, AI score: 5.8, EPSS: 0.003
Exploits: 0, References: 1
Positive Technologies
added 2026/05/10 12:00 a.m., 13 views

PT-2026-39442

Name of the Vulnerable Software and Affected Versions: Open5GS versions prior to 2.7.8. Description: A remote denial of service can be triggered in the PCF component via the pcf_sess_set_ipv6prefix function located in the /src/pcf/context.c file. This occurs through the manipulation of the...

CVSS: 7.5, AI score: 6, EPSS: 0.00502
Exploits: 1, References: 10