31239 matches found

EUVD
added 2026/03/11 3:31 a.m., 1 view

EUVD-2026-11073

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

CVSS 8.1 | AI score 5.8 | EPSS 0.00061
Exploits 0 | References 6
Vulnrichment
added 2026/03/11 2:22 a.m., 0 views

CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

CVSS 8.1 | AI score 5.8 | EPSS 0.00061
Exploits 0 | References 5
Github Security Blog
added 2026/03/11 12:38 a.m., 4 views

Quill has DoS via unbounded read of HTTP response body during notarization

Impact Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/03/11 12:38 a.m., 3 views

GHSA-G32C-4PVP-769G Quill has DoS via unbounded read of HTTP response body during notarization

Impact Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 6
CNNVD
added 2026/03/11 12:00 a.m., 2 views

Lenovo Vantage and Lenovo Baiying security vulnerability

Lenovo Vantage and Lenovo Baiying are both products of the Chinese company Lenovo. Lenovo Vantage is a computer management application. It supports functions such as driver updates, device status diagnosis, and computer configuration. Lenovo Baiying is an asset management software. Both Lenovo...

CVSS 6.8 | AI score 5.8 | EPSS 0.00026
Exploits 0 | References 2
CNNVD
added 2026/03/11 12:00 a.m., 7 views

Shopware security vulnerability

Shopware is a set of open-source e-commerce software developed by the German company Shopware GmbH. Versions prior to Shopware 6.6.10.15 and 6.7.8.1 contained security vulnerabilities. These vulnerabilities stemmed from defects in the application registration process, which could allow attackers ...

CVSS 8.9 | AI score 5.8 | EPSS 0.00094
Exploits 0 | References 1
CNNVD
added 2026/03/11 12:00 a.m., 3 views

Cisco IOS XR security vulnerability

Cisco IOS XR is an operating system developed by the American company Cisco for its network devices. There is a security vulnerability in Cisco IOS XR, which stems from insufficient input validation of IS-IS packet headers. This vulnerability may lead to unexpected restarts of the IS-IS process a...

CVSS 7.4 | AI score 5.8 | EPSS 0.0005
Exploits 0 | References 1
Positive Technologies
added 2026/03/11 12:00 a.m., 3 views

PT-2026-24788

Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...

CVSS 9.8 | AI score 6 | EPSS 0.00124
Exploits 0 | References 4
Positive Technologies
added 2026/03/11 12:00 a.m., 3 views

PT-2026-24678

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...

CVSS 6.8 | AI score 5.9 | EPSS 0.00026
Exploits 0 | References 5
Positive Technologies
added 2026/03/11 12:00 a.m., 3 views

PT-2026-24893

Name of the Vulnerable Software and Affected Versions yauzl version 3.2.0 Description yauzl, also known as Yet Another Unzip Library, version 3.2.0 for Node.js contains an off-by-one error within the getLastModDate function, specifically in the NTFS extended timestamp extra field parser. The...

CVSS 6.9 | AI score 6 | EPSS 0.00152
Exploits 0 | References 15
EUVD
added 2026/03/10 9:32 p.m., 3 views

EUVD-2026-10857

In EfwApTransport::ProcessRxRing of efwaptransport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 | AI score 5.9 | EPSS 0.00008
Exploits 0 | References 2
EUVD
added 2026/03/10 9:32 p.m., 2 views

EUVD-2026-10856

In EfwApTransport::ProcessRxRing of efwaptransport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 | AI score 5.9 | EPSS 0.00008
Exploits 0 | References 2
NVD
added 2026/03/10 9:16 p.m., 2 views

CVE-2026-30954

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | EPSS 0.00048
Exploits 0 | References 1
CVE
added 2026/03/10 8:46 p.m., 5 views

CVE-2026-0123

The CVE-2026-0123 entry concerns the EfwApTransport::ProcessRxRing function in efw_ap_transport.cc, where an out-of-bounds write can occur due to a missing bounds check. This vulnerability is described as enabling local elevation of privilege with no additional execution privileges required and n...

CVSS 8.4 | AI score 5.9 | EPSS 0.00008
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/03/10 8:40 p.m., 6 views

CVE-2026-30954

Affected software: LinkAce (self-hosted archive). Vulnerable component: processTaxonomy() in LinkRepository.php. Root cause / what happens: In 2.1.0 and earlier, authenticated users can attach other users’ private tags and lists to their own links by passing integer IDs. Impact (as stated): allow...

CVSS 5.3 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 1 | Affected Software 1
OSV
added 2026/03/10 8:40 p.m., 4 views

CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 3
EUVD
added 2026/03/10 8:40 p.m., 2 views

EUVD-2026-10877

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 1
Cvelist
added 2026/03/10 8:40 p.m., 24 views

CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

CVSS 5.3 | EPSS 0.00048
Exploits 0 | References 1
Vulnrichment
added 2026/03/10 4:16 p.m., 0 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source cross-platform system monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 8.6 | AI score 5.8 | EPSS 0.00034
Exploits 1 | References 3
OSV
added 2026/03/10 4:16 p.m., 3 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source cross-platform system monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

CVSS 8.6 | AI score 5.8 | EPSS 0.00034
Exploits 1 | References 5