11178 matches found
CVE-2026-4030
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
EUVD-2026-30273
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...
CVE-2026-6514
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
EUVD-2026-30263
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2026-6514
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2026-6514
The CVE concerns InfusedWoo Pro for WordPress (all versions up to 5.1.2) with an Arbitrary File Read vulnerability exploitable via the popup_submit parameter. The root cause enables unauthenticated attackers to issue web requests to arbitrary locations from the application, potentially enabling a...
PT-2026-40936
🚨High - n8n Multiple Critical Vulnerabilities CVE-2026-44791, CVE-2026-44792, CVE-2026-45732, CVE-2026-44789, CVE-2026-44790 Multiple high-severity vulnerabilities were disclosed in n8n, including Prototype Pollution leading to RCE via XML Node and HTTP Request Node, Arbitrary File Read via Git...
PT-2026-40910
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
PT-2026-40899
Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3 Description The InfusedWoo Pro plugin for WordPress allows unauthenticated attackers to perform Arbitrary File Read via the 'popup submit' endpoint. This allows web requests to be made to arbitrary...
OneDev 路径遍历漏洞
OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...
PT-2026-40935
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An authenticated user with permissions to create or modify workflows can bypass a previous prototype pollution patch in the XML node. Prototyp...
PT-2026-40933
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An authenticated user with permissions to create or modify workflows can achieve global prototype pollution through an unvalidated pagination...
PT-2026-40937
🚨High - n8n Multiple Critical Vulnerabilities CVE-2026-44791, CVE-2026-44792, CVE-2026-45732, CVE-2026-44789, CVE-2026-44790 Multiple high-severity vulnerabilities were disclosed in n8n, including Prototype Pollution leading to RCE via XML Node and HTTP Request Node, Arbitrary File Read via Git...
PT-2026-41141
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer supports deploying stacks from Git repositories...
Strapi SQL注入漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 4.26.1 and 5.33.2 contained a SQL injection vulnerability. This vulnerability stemmed from the Content-Type Builder API’s database query injection mechanism. This allowe...
Linux Distros Unpatched Vulnerability : CVE-2026-8052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad's exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink...