CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

CVE-2026-27471 ERP: Document access through endpoints due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...

WordPress plugin Whatsiplus Scheduled Notification for Woocommerce 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-20777

The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when the stripe-webhook-signing-secret setting is configured,...

CVE-2026-1306

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

CVE-2026-2004

CVE-2026-2004 affects PostgreSQL with the intarray extension: the selectivity estimator’s input type validation is missing, enabling arbitrary code execution as the database OS user. Affected versions are before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21. The document provides the exploitatio...

CVE-2026-1228

The CVE-2026-1228 entry concerns the Timeline Block – Beautiful Timeline Builder for WordPress plugin for WordPress, affected up to version 1.3.3. The vulnerability is an Insecure Direct Object Reference in the tlgb_shortcode() function caused by missing validation of a user-controlled key, allow...

CVE-2025-47363

Memory corruption when calculating oversized partition sizes without proper checks...

EUVD-2025-206606

Memory corruption when calculating oversized partition sizes without proper checks...

PT-2026-5257

Name of the Vulnerable Software and Affected Versions TeamViewer DEX Client former 1E Client versions prior to 26.1 Description A flaw exists due to insufficient validation of user-supplied data within the Content Distribution Service NomadBranch.exe of the TeamViewer DEX Client. This allows a...

CVE-2026-1400

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

CVE-2025-13374

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

WordPress plugin Alex User Counter has a vulnerability related to cross-site request forgeing.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-67230

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...

CVE-2025-15351

CVE-2025-15351 affects Anritsu VectorStar. A flaw in CHX file parsing enables deserialization of untrusted data, allowing remote code execution. The issue arises from insufficient validation during CHX data handling, with exploitation requiring user interaction (visiting a malicious page or openi...

WordPress Stopwords for comments plugin cross-site request forgery vulnerability

The WordPress Stopwords for comments plugin is a pre-screening tool designed to help webmasters filter out user comments that contain certain banned words i.e. "stopwords". comments. The WordPress Stopwords for comments plugin suffers from a cross-site request forgery vulnerability that stems fro...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001358)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001358 advisory. An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of...