47 matches found
WordPress plugin Visualizer cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Devs Palace ERP Online cross-site scripting vulnerability
Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...
CVE-2026-41499 Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string()
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() in remotedop.c. This function processes OS identification data from agents and...
GHSA-C96X-RPM4-349P Spring Boot's Elasticsearch auto-configuration doesn't perform hostname verification when connecting to the Elasticsearch server.
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...
EUVD-2026-17967
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...
CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2830
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (WordPress plugin) is listed as vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in versions up to and including 4.0.0 due to insufficient input sanitization and output escaping. The CVE notes unauthen...
EUVD-2026-8696
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution...
org.apache.syncope.client.am:syncope-client-am-console (>=4.0.0 <=4.0.3), org.apache.syncope.client.idm:syncope-client-idm-console (>=4.0.0 <=4.0.3) +4 more potentially affected by CVE-2026-23795 via org.apache.syncope.client.idrepo:syncope-client-idrepo-console (>=4.0.0 <=4.0.3)
org.apache.syncope.client.idrepo:syncope-client-idrepo-console MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.3 Source cves: CVE-2026-23795 Source advisory: OSV:GHSA-73F3-RQQF-2J54...
CVE-2026-24793 A heap-based buffer over-read or buffer overflow vulnerability in azerothcore/azerothcore-wotlk
Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in azerothcore azerothcore-wotlk deps/zlib modules. This vulnerability is associated with program files inflate.C. This issue affects azerothcore-wotlk: through v4.0.0...
CVE-2021-41788
MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. Affected Chipsets MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0...
EUVD-2025-206231
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can see and use invitation links sent to an administrator. When they use the link before the legitimate recipie...
CVE-2025-15135 joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAuthenticateWithCookies improper authentication
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
SUSE CVE-2025-60632
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API...
IBM Aspera Orchestrator security vulnerability
IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. An unauthenticated password change vulnerability exists in IBM Aspera Orchestrator, which can be exploited by an attacker to make unauthorized changes to other users' passwords...
CVE-2025-60632
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API...
CVE-2025-60632
Free5GC Fix for CVE-2025-60632: A DoS via crafted POST to Npcf_BDTPolicyControl API affects Free5GC v4.0.0/v4.0.1. The SNYK notes indicate improper handling in Npcf_BDTPolicyControl leading to availability impact. Remediation guidance from the connected SNYK reports recommends upgrading the affec...
free5GC security vulnerability
free5GC is an open-source project for 5th-generation (5G) mobile core networks, open sourced by free5GC. A security vulnerability exists in free5GC versions 4.0.0 and 4.0.1, stemming from the Nnssf_NSSAIAvailability API mishandling ad-hoc POST requests, which could lead to a denial of service...
WordPress Post Type Switcher plugin <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change vulnerability
Insecure Direct Object Reference to Authenticated (Author+) Post Type Change vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Type Switcher versions <= 4.0.0...