EUVD-2026-32159

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

EUVD-2026-32158

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

PT-2026-43624

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...

WordPress plugin WP Promoter 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

CVE-2025-36220

Summary of CVE-2025-36220 : IBM Cloud Pak for Data System, Cyclops component, versions 11.3.0.2 through Interim Fix 002, is vulnerable to SQL injection. The root cause is improper handling of SQL commands in the Cyclops backend, allowing a remote attacker to view, add, modify, or delete data in t...

CVE-2026-9082

A flaw was found in Drupal core. This vulnerability, identified as an SQL Injection CWE-89, allows a remote attacker to execute malicious SQL commands. By exploiting this, an attacker could potentially access, modify, or delete sensitive data within the database, leading to information disclosure...

HP LaserJet Printers Missing Authorization (CVE-2013-4807)

Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 20130703 allows remote attackers to modify data via unknown vectors. This plugin only works with Tenable.ot. Please...

HP LaserJet Printers Denial of Service (CVE-2012-5215)

Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with firmware before 20130212; and LaserJet Pro P1102w and P1606dn with firmware before 20130213...

ROS-20260524-73-0018

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

CVE-2026-6898 WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

PT-2026-42865

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMemberFeaturesTeam Accounts::save settings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

SUSE CVE-2026-7836

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

SUSE CVE-2026-7837

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...

SUSE CVE-2026-44059

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

CVE-2026-48232

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...

CVE-2026-44063

A flaw was found in Netatalk. This vulnerability, an LDAP filter injection, allows a remote attacker with low privileges to manipulate LDAP queries. This could lead to the disclosure of sensitive information or unauthorized modification of data within the LDAP directory...

CVE-2026-7837

A flaw was found in Netatalk. A remote attacker may exploit a time-of-check time-of-use TOCTOU condition, where the state of a resource is checked, and then used, but the state changes between the check and the use. This condition, specifically in the adflush function, involves root-privileged fi...

CVE-2026-7837

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...