CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

CVE-2026-34765

A flaw was found in Electron, a framework for building desktop applications. This vulnerability allows a malicious component within an Electron application to hijack an existing child window opened by another part of the application if both use the same window name. This could lead to the malicio...

Emmett has a path traversal in internal assets handler

The RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files outside the assets directory...

Directory Traversal

Overview emmett is a The web framework for inventors Affected versions of this package are vulnerable to Directory Traversal via the RSGI static handler for internal assets. An attacker can access arbitrary files outside the intended directory by sending specially crafted requests containing...

GHSA-PR46-2V3C-5356 Emmett has a path traversal in internal assets handler

The RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files outside the assets directory...

EUVD-2026-19878

WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php...

EUVD-2026-19782

File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands...

GHSA-7526-J432-6PPP File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands

Summary The fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the signup handler. The same fix was not applied to the proxy auth handler. Users auto-created on first successful proxy-auth login are granted executi...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the /api/resources endpoint, bypassing the intended download permission...

Incorrect Authorization

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and...

File Browser share links remain accessible after Share/Download permissions are revoked

When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...

GHSA-V9W4-GM2X-6RVF File Browser share links remain accessible after Share/Download permissions are revoked

When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...

PT-2026-31077

Name of the Vulnerable Software and Affected Versions LTL Freight Quotes – R+L Carriers Edition plugin for WordPress versions up to and including 3.3.13 Description The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is susceptible to unauthorized access due to missing...

ROS-20260408-73-0014

A vulnerability in the arch/arm/mach-rockchip component of the Linux operating system kernel is related to a race condition in the signal handler. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006796)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006796 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006650)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006650 advisory. In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpiinstallfixedeventhandler...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006821)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006821 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfdctx trigger pointer of th...

CVE-2026-5681

A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument empid causes sql injection. The attack is possible to be carried out remotely. The explo...

PYSEC-2026-59

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...

CVE-2026-39847 Emmett has a path traversal in internal assets handler

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...