13408 matches found
EUVD-2026-10598
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-23674
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-1261
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-23674 MapUrlToZone Security Feature Bypass Vulnerability
...
CVE-2026-24297 Windows Kerberos Security Feature Bypass Vulnerability
...
Description of the security update for SharePoint Server 2016 Language Pack: March 10, 2026 (KB5002851)
Summary. Important: If you're running Microsoft SharePoint Server 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install this...
KB5077473 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: March 10, 2026
Summary: This...
Description of the security update for SharePoint Server 2016: March 10, 2026 (KB5002850)
Summary. Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currentl...
CVE-2026-1261
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1261
MetForm Pro
CVE-2026-1261 MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting
The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
PT-2026-24277
The vulnerability in the MapUrlToZone method of Windows operating systems is related to improper resolution of path equivalence. Exploitation of the vulnerability may allow a remote attacker to bypass existing security mechanisms...
Zoom Workplace VDI Client < 6.4.17 Vulnerability (ZSB-26005)
The version of Zoom Workplace VDI Client installed on the remote host is prior to 6.4.17. It is, therefore, affected by a vulnerability as referenced in the ZSB-26005 advisory. - External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an...
Zoom Workplace < 6.6.0 Vulnerability (ZSB-26005)
The version of Zoom Workplace installed on the remote host is prior to 6.6.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-26005 advisory. - External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated...
PT-2026-24196
Name of the Vulnerable Software and Affected Versions: MetForm Pro plugin for WordPress versions through 3.9.6. Description: The MetForm Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Quiz feature. Insufficient input sanitization and output escaping allow...
EUVD-2026-10413
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...
CVE-2026-30862
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...
Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Impact: The `PagesRouter` static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured `pagesPath` directory. The boundary check uses a string prefix comparison without enforcing a directory separator boundary. An attacker can u...
CVE-2026-30823
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13...
CVE-2026-30823
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13...