CVE-2026-39592 WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

exploit-code-management

Viết code python deploy 1 web với các yêu cấu sau - Thực hiện co...

VulnCheck KEV: CVE-2020-13851

Artica Pandora FMS 7.44 allows remote command execution via the events feature...

WordPress plugin FSM Custom Featured Image Caption 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006690 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: improve error handling from ext4dirhash The ext4dirhash will almost never fail, especially...

CVE-2026-35585 File Browser has a Command Injection via Hook Runner

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 until 2.33.8, the hook system in File Browser — which executes administrator-defined shell commands on file events such as upload, rename, and delete...

CVE-2026-35172

A flaw was found in Distribution, a toolkit used for managing container content. When specific caching and deletion features are enabled, a remote attacker can exploit a vulnerability that allows previously deleted content to become readable again. This occurs because the system does not fully...

CVE-2026-5647

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/adminfeature.php of the component Add Product Page. The manipulation of the argument productname results in cross site scripting. The attack may be launched remotely. The exploit i...

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...

CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

EUVD-2026-19225

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/adminfeature.php of the component Add Product Page. The manipulation of the argument productname results in cross site scripting. The attack may be launched remotely. The exploit i...

CVE-2026-5647 code-projects Online Shoe Store Add Product admin_feature.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/adminfeature.php of the component Add Product Page. The manipulation of the argument productname results in cross site scripting. The attack may be launched remotely. The exploit i...

CVE-2026-5647

CVE-2026-5647 affects code-projects Online Shoe Store 1.0. The vulnerability is in the admin feature for adding products, specifically through an XSS condition triggered by manipulating the product_name parameter in /admin/admin_feature.php. The issue is exploitable remotely, and public exploit d...

CVE-2026-5647 code-projects Online Shoe Store Add Product admin_feature.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/adminfeature.php of the component Add Product Page. The manipulation of the argument productname results in cross site scripting. The attack may be launched remotely. The exploit i...

Exploit for CVE-2024-36058

Koha Library Software CVE ID: CVE-2024-36058 Produ...

PT-2026-30597

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin feature.php of the component Add Product Page. The manipulation of the argument product name results in cross site scripting. The attack may be launched remotely. The exploit...

Code-Projects Online Shoe Store 代码注入漏洞

Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter productname in the file...

PT-2026-35849

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description A use after free issue in Cast allows an attacker on the local network segment to execute arbitrary code inside a sandbox by sending malicious network traffic. Use after free is a memo...

CVE-2026-5580

A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The...