7072 matches found
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
CVE-2026-4564 yangzongzhuan RuoYi Quartz Job job code injection
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
PT-2026-27036
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.2. Description: A security issue exists in yangzongzhuan RuoYi, specifically within the Quartz Job Handler component. The issue involves code injection stemming from manipulation of the invokeTarget argumen...
EUVD-2026-14167
The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curl_data' REST API endpoint. This makes it possible for...
CVE-2026-1648
The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curl_data' REST API endpoint. This makes it possible for...
CVE-2026-1648 Performance Monitor <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curl_data' REST API endpoint. This makes it possible for...
CVE-2026-1648
The CVE-2026-1648 entry concerns the WordPress Performance Monitor plugin (versions up to 1.0.6). It describes a Server-Side Request Forgery (SSRF) in the /wp-json/performance-monitor/v1/curl_data endpoint caused by insufficient validation of the 'url' parameter. This allows unauthenticated attac...
WordPress plugin Performance Monitor code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...
PT-2026-26814
The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curl_data' REST API endpoint. This makes it possible for...
GHSA-2XR4-CHCF-VMVF The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI
Impact: The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['REQUEST_URI'] parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI
Impact: The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['REQUEST_URI'] parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
PT-2026-26494
Name of the Vulnerable Software and Affected Versions: Query Monitor versions prior to 3.20.4. Description: The Query Monitor plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002.
Summary: IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be...
CVE-2026-32293 GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...
Free real estate: GoPix, the banking Trojan living off your memory
Introduction: GoPix is an advanced persistent threat targeting Brazilian financial institutions' customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through memory-only implants and obfuscated PowerShell scripts. It evolved from the RAT and Automate...
EUVD-2026-11921
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3...
CVE-2026-32404
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3...
CVE-2026-32404
The vulnerability concerns the WordPress Studio99 WP Monitor plugin (version