1036 matches found
EUVD-2026-15736
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1....
CVE-2026-25456
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1....
CVE-2026-25456 WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1....
CVE-2026-25456
CVE-2026-25456 (A2Z FedEx shipping plugin for WordPress, a2z-fedex-shipping) is a Missing Authorization vulnerability affecting Automated FedEx live/manual rates with shipping labels up to version 5.1.8. Reported with CVSS v3.1 base score 7.5 (Network, High confidentiality impact, No availability...
Security update 5.0.7 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization and update golang-github-boynux-squidexporter: Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes jscPED-14971: Added compatibility for Squid 6...
PT-2026-27952
Name of the Vulnerable Software and Affected Versions Automated FedEx live/manual rates with shipping labels versions n/a through 5.1.8 Description A missing authorization issue exists in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping. This allows...
WordPress plugin Automated FedEx live/manual rates with shipping labels security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Exploit for OS Command Injection in Arcane
CVE-2026-23520 — Arcane Lifecycle Label RCE OS Command In...
netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
...
Cross-site Scripting (XSS)
Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the multiVariableText property panel when...
GHSA-XGX4-2WGV-4JHM PDFME has XSS via Unsanitized i18n Label Injection into innerHTML in multiVariableText propPanel
Summary The multiVariableText property panel in @pdfme/schemas constructs HTML via string concatenation and assigns it to innerHTML using unsanitized i18n label values. An attacker who can control label overrides passed through options.labels can inject arbitrary JavaScript that executes in the...
PDFME has XSS via Unsanitized i18n Label Injection into innerHTML in multiVariableText propPanel
Summary The multiVariableText property panel in @pdfme/schemas constructs HTML via string concatenation and assigns it to innerHTML using unsanitized i18n label values. An attacker who can control label overrides passed through options.labels can inject arbitrary JavaScript that executes in the...
CVE-2026-2432
CVE-2026-2432 affects CM Custom Reports – Flexible reporting to track what matters most, a WordPress plugin, with versions up to 1.2.7. The issue is stored cross-site scripting via admin settings/labels, exploitable by authenticated users with administrator-level permissions and above. Affected i...
CVE-2026-23274
CVE-2026-23274 : In the Linux kernel, a bug in netfilter xt_IDLETIMER allows rev0 rules to reuse timers labeled as ALARM if a prior timer exists. This can cause mod_timer() to run on an uninitialized timer_list, triggering debug warnings and potentially a panic when panic_on_warn=1. The fix rejec...
CVE-2026-23274 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM...
CVE-2026-23274
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM...
WordPress CM Custom Reports plugin <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels vulnerability discovered by san6051 - PWC in WordPress Plugin CM Custom WordPress Reports and Analytics versions <= 1.2.7...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xt_IDLETIMER module allowing rev0 rules to reuse ALARM type timer labels. This could lead to a...
CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...
PT-2026-26382
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...