CVE-2026-3187 feiyuchuixue sz-boot-parent API Endpoint upload unrestricted upload

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...

CVE-2026-27636 FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

CVE-2026-27636

FreeScout has two combined CVEs affecting prior to 1.8.206. CVE-2026-27636 stems from an incomplete file restriction list: .htaccess and .user.ini are not blocked, allowing an authenticated user to upload a script on Apache with AllowOverride All and potentially achieve Remote Code Execution. CV...

Regular Expression Denial Of Service (ReDoS)

PyMdown Extensions is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the pymdownx.blocks.caption extension, which allows an attacker to supply crafted input that triggers excessive processing time and causes the...

CVE-2026-3063

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...

netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 145.0.7632.116 contained a security vulnerability, which was caused by improper implementation of DevTools. This vulnerability could allow attackers to inject scripts or HTML into privileged pages through...

CVE-2025-13617

The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘a13altlink’ parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Tanium Cloud Workloads 安全漏洞

Tanium Cloud Workloads is a security and management module provided by the American company Tanium. There is a security vulnerability present in Tanium Cloud Workloads, which stems from an attacker who may be allowed access to Tanium client containers, capable of executing denial-of-service attac...

CVE-2025-13617

The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘a13altlink’ parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13617 Apollo13 Framework Extension <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter

The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘a13altlink’ parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13617 Apollo13 Framework Extension <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter

The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘a13altlink’ parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13617

CVE-2025-13617 refers to the Apollo13 Framework Extensions plugin for WordPress, where a stored XSS exists in the a13_alt_link parameter for all versions up to 1.9.8. The vulnerability requires authentication at Contributor level or higher and can cause arbitrary scripts to run in pages viewed by...

WordPress plugin Apollo13 Framework Extensions 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Apollo13 Framework Extension plugin <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via a13altlink Parameter vulnerability discovered by Webbernaut in WordPress Plugin Apollo13 Framework Extensions versions = 1.9.8...

CVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

CVE-2026-20144

CVE-2026-20144 affects Splunk Enterprise (and Cloud Platform variants) where a user with access to the _internal index on a Search Head Cluster could view SAML configurations (AQRs or Authentication extensions) in plain text in the conf.log. Affected are Splunk Enterprise versions below 10.2.0, 1...

CVE-2026-20144 Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

CVE-2026-20144 Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

PT-2026-20473

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11 Splunk Cloud Platform versions prior to 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120 Description A user with access to the Splunk internal index within a...