EUVD-2026-15659
Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SimpLy Gallery: from n/a through = 3.3.2...
CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...
PT-2025-38850
Name of the Vulnerable Software and Affected Versions: Memberful versions through 1.75.0 Description: A missing authorization issue exists in Memberful, allowing access to functionality that is not properly constrained by Access Control Lists (ACLs). Recommendations: Update to a version later than...
CVE-2025-58835
Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through = 7.6.6...
PT-2025-26956 · Manageengine · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions 5722 and earlier Description: The issue concerns a Stored XSS in the report for emails read by folder with subject. This affects the specified versions of ManageEngine Exchange Reporter Plus,...
CVE-2023-27180
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...
CVE-2025-4316
Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up...
Kibana 8.x < 8.7.1 Multiple Vulnerabilities
According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities. - An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to...
WordPress Plugin Play.ht security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
23andMe says, er, actually some genetic and health data might have been accessed in recent breach
In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission (SEC) has provided some more insight into the data theft. The...
PT-2023-26807 · Conemu · Conemu
Name of the Vulnerable Software and Affected Versions: ConEmu versions prior to commit 230724 Description: The issue is related to the incorrect sanitization of title responses for control characters, potentially leading to arbitrary code execution. This is connected to an incomplete fix for a...
PT-2023-5804 · Acronis · Acronis Cyber Protect Home Office
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Home Office Windows versions before build 40173 Description: The issue is related to local privilege escalation during recovery due to improper soft link handling. This could allow an attacker to elevate their privileges...
Shopify: Staff without Manage Themes permissions can update themes
Vulnerability description not provided...
IBM Security Guardium License Issue Vulnerability (CNVD-2021-49053)
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An authorization issue vulnerability exists in IBM Security Guardium...
Information leakage vulnerability in multiple Huawei phones
Huawei Berlin-L21HN and Prague-AL00A are smartphone products of Huawei China. Several Huawei phones are vulnerable to information leakage. When a user connects a dangerous charging device to charge the phone, an unauthenticated attacker opens specific features of the phone by sending a carefully...