CVE-2026-4030

The vulnerability CVE-2026-4030 affects the Database Backup for WordPress plugin for WordPress (all versions up to 2.5.2). The root cause is the plugin not properly enforcing the return value of its authorization check when combined with a user-controlled backup directory parameter, enabling unau...

EUVD-2026-30273

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

CVE-2026-6514

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

CVE-2026-6514

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

EUVD-2026-30263

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

CVE-2026-6514

The CVE concerns InfusedWoo Pro for WordPress (all versions up to 5.1.2) with an Arbitrary File Read vulnerability exploitable via the popup_submit parameter. The root cause enables unauthenticated attackers to issue web requests to arbitrary locations from the application, potentially enabling a...

OneDev 路径遍历漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...

PT-2026-40933

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An authenticated user with permissions to create or modify workflows can achieve global prototype pollution through an unvalidated pagination...

Strapi SQL注入漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 4.26.1 and 5.33.2 contained a SQL injection vulnerability. This vulnerability stemmed from the Content-Type Builder API’s database query injection mechanism. This allowe...

PT-2026-40935

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An authenticated user with permissions to create or modify workflows can bypass a previous prototype pollution patch in the XML node. Prototyp...

PT-2026-40937

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.21.1 Description An authorization bypass exists in the OAuth1 and OAuth2 credential reconnect endpoints. These endpoints incorrectly authorized access using...

PT-2026-40936

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.22.1 Description An attacker with write access to a git repository connected to an n8n Source Control configuration can commit a malicious Data Table JSON file...

PT-2026-41141

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer supports deploying stacks from Git repositories...

PT-2026-40910

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

PT-2026-40899

Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3 Description The InfusedWoo Pro plugin for WordPress allows unauthenticated attackers to perform Arbitrary File Read via the 'popup submit' endpoint. This allows web requests to be made to arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2026-6959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symli...