22101 matches found

CVE
added 2026/03/11 6:23 p.m. | 9 views

CVE-2019-25467

CVE-2019-25467 affects Verypdf docPrint Pro 8.0. The issue is a structured exception handling (SEH) buffer overflow in processing the User Password or Master Password fields during PDF encryption, enabling local code execution via an oversized alphanumeric-encoded payload with crafted shellcode, ...

CVSS 8.6 | AI score 6.3 | EPSS 0.00113
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/11 2:54 p.m. | 5 views

Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Description: An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler attributes such as onclick and onload, when used within...

CVSS 6.7 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/03/11 7:8 a.m. | 6 views

CVE-2025-15603

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...

CVSS 6.3 | AI score 5.3 | EPSS 0.00289
Exploits: 0 | References: 1
NVD
added 2026/03/11 6:17 a.m. | 8 views

CVE-2026-3222

The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer FlipperCode_Model_Base::is_column treating user input wrapped in backticks as column...

CVSS 7.5 | EPSS 0.00418
Exploits: 1 | References: 10
CVE
added 2026/03/11 5:27 a.m. | 15 views

CVE-2026-3222

WP Maps plugin for WordPress is vulnerable to a time-based blind SQL injection via the location_id parameter in versions up to 4.9.1. Root cause: the database abstraction layer (FlipperCode_Model_Base::is_column()) accepts user input wrapped in backticks as column names, bypassing esc_sql(). Addi...

CVSS 7.5 | AI score 5.9 | EPSS 0.00418
Exploits: 1 | References: 10
Vulnrichment
added 2026/03/11 2:22 a.m. | 3 views

CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

CVSS 8.1 | AI score 5.8 | EPSS 0.00379
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/11 12:0 a.m. | 4 views

PT-2026-24858

Name of the Vulnerable Software and Affected Versions: Woahai321 ListSync versions up to 0.6.6. Description: A server-side request forgery issue exists in Woahai321 ListSync. The problem affects the requests.post function within the list-sync-main/api server.py file, specifically in the JSON Handler...

CVSS 6.5 | AI score 6.2 | EPSS 0.00201
Exploits: 0 | References: 11
CNNVD
added 2026/03/11 12:0 a.m. | 6 views

plunk code issue vulnerability

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.7.0 contained code vulnerabilities. These vulnerabilities stemmed from issues with the SNS webhook handler, which had problems with server-side request forgery attacks. This could allow...

CVSS 9.3 | AI score 6 | EPSS 0.00273
Exploits: 1 | References: 2
CNNVD
added 2026/03/11 12:0 a.m. | 5 views

Locker code injection vulnerability

Locker is an open-source personal data aggregation and management platform developed by The Locker Project. Versions 0.0.0, 0.0.1, and 0.1.0 of Locker contain code injection vulnerabilities. These vulnerabilities stem from incorrect operations on the authIsAwesome parameter ID in the file...

CVSS 5.3 | AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 6
Positive Technologies
added 2026/03/11 12:0 a.m. | 9 views

PT-2026-24859

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...

CVSS 5.3 | AI score 5.4 | EPSS 0.00649
Exploits: 0 | References: 8
CNNVD
added 2026/03/11 12:0 a.m. | 5 views

WireMCP operating system command injection vulnerability

WireMCP is a real-time network traffic analysis tool developed by Koda’s individual developers. WireMCP has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the server.tool function in the Tshark CLI Command Handler component,...

CVSS 5.3 | AI score 6.1 | EPSS 0.00649
Exploits: 0 | References: 6
CNNVD
added 2026/03/11 12:0 a.m. | 6 views

list-sync code issue vulnerability

List-Sync is a tool developed by WoahAI personal developers, used for automatically syncing media servers with viewing lists. Versions of List-Sync 0.6.6 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations in the requests.post function of the component’s JS...

CVSS 6.5 | AI score 6.7 | EPSS 0.00201
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/11 12:0 a.m. | 7 views

PT-2026-24891

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

CVSS 5.3 | AI score 4.2 | EPSS 0.00348
Exploits: 0 | References: 9
Cvelist
added 2026/03/10 10:49 p.m. | 20 views

CVE-2025-20068

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

CVSS 7.1 | EPSS 0.00101
Exploits: 0 | References: 1
CVE
added 2026/03/10 10:49 p.m. | 8 views

CVE-2025-20068

CVE-2025-20068 describes improper input validation in the UEFI ImcErrorHandler module on some Intel reference platforms that may allow escalation of privilege via a local, high-complexity attack by a privileged user, with no user interaction. The vulnerability has high impact across confidentiali...

CVSS 7.1 | AI score 5.7 | EPSS 0.00101
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/10 10:49 p.m. | 2 views

CVE-2025-20068

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

CVSS 7.1 | AI score 5.7 | EPSS 0.00101
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/10 10:49 p.m. | 3 views

CVE-2025-20068

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

CVSS 7.1 | AI score 5.7 | EPSS 0.00101
Exploits: 0 | References: 2
OSV
added 2026/03/10 9:51 p.m. | 2 views

CVE-2026-31833 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, an authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...

CVSS 6.7 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 3
EUVD
added 2026/03/10 9:32 p.m. | 4 views

EUVD-2026-10836

In MMDATAIND of cnNrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9 | EPSS 0.00306
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/10 9:27 p.m. | 3 views

CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

CVSS 5.3 | AI score 5.7 | EPSS 0.00179
Exploits: 0 | References: 1