CVE-2026-11505

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

CVE-2026-11505 GL.iNet XE3000 glnassys hard-coded key

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute

The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...

WordPress plugin Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) plugin <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by kai63001 in WordPress Plugin Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO versions = 4.9...

CVE-2026-9349

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

CVE-2026-40099

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

EUVD-2026-25368

Kirby is an open-source content management system. Kirby's Xml::value method has special handling for blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...

WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian in WordPress Plugin ManageWP Worker versions = 4.9.31...

PT-2026-32979

Name of the Vulnerable Software and Affected Versions next-intl versions prior to 4.9.1 Description Applications using the middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host. This occurs...

CVE-2025-57529

YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...

CVE-2025-11044

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service D...

CVE-2025-14384

CVE-2025-14384 affects the All in One SEO – Powerful SEO Plugin for WordPress (versions ≤ 4.9.2). It arises from a missing capability check on the REST route /aioseo/v1/ai/credits, allowing authenticated users with Contributor-level access and above to disclose the global AI access token. Wordfen...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003060)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003060 advisory. The doshmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local use...

wangmarket 代码注入漏洞

wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from an incorrect manipulation of the Description parameter in the file...

WordPress Youzify plugin <= 1.3.6 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by NumeX in WordPress Plugin Youzify versions = 1.3.6...

EUVD-2025-205198

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through = 4.9.5...

PT-2025-53089

Name of the Vulnerable Software and Affected Versions wpstream versions through 4.9.5 Description An authorization issue exists in wpstream WpStream wpstream. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations At the...

CVE-2025-13741 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it...

CVE-2025-54005

Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through = 4.9...