EUVD-2026-26735

The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttpgetaccounts' AJAX action. This is due to the complete absence of authorization checks no capability verification and nonce...

PT-2026-36567

Name of the Vulnerable Software and Affected Versions My Social Feeds – Social Feeds Embedder versions prior to 1.0.5 Description The plugin is subject to sensitive information exposure via the 'ttp get accounts' AJAX action. The get accounts function lacks authorization checks and nonce...

CVE-2026-40601

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chartid/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the...

CVE-2026-40601 Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chartid/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the...

CVE-2026-40601

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chartid/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the...

CVE-2026-40601 Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chartid/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the...

CVE-2026-40601

Chartbrew 4.9.0 exposes POST /api/chart/:chart_id/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify chart ownership, report/public status, or sharing policy, allowing an unauthenticated attacker who knows a chart ID to trigger a data refresh and re...

EUVD-2026-26409

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chartid/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the...

chartbrew 安全漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a security vulnerability. This vulnerability stems from the lack of authentication for the POST /api/chart/:chartid/query endpoint. Only the team.allowReportRefre...

PT-2026-36162

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart id/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the...

CVE-2026-5940

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...

CVE-2026-5940

Summary of CVE-2026-5940 : Foxit PDF Editor/Reader contains a use-after-free vulnerability in the annotation flow. The issue arises when a function triggers a UI refresh after removing comments via a script, which may access an invalidated object and cause a crash. The CVE record cites a CVSS v3....

CVE-2026-5940

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...

EUVD-2026-25826

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...

CVE-2026-5940 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...

Foxit PDF Reader和Foxit PDF Editor 资源管理错误漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have a resource management vulnerability. This vulnerability arises from calling a function th...

RowHammer Vulnerability Counter (RVC): Redefining RowHammer Detection with Victim-Centric Tracking

The Rowhammer vulnerability poses an increasing challenge with newer generations of DRAM and aggressive technology scaling. Existing mitigation techniques, such as Graphene, Twice, and Hydra, primarily rely on tracking activation counts for each row and issuing refreshes when a row reaches a...

PT-2026-35402

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38471, CVE-2025-38250, CVE-2025-38159, CVE-2025-38124, CVE-2024-28956, CVE-2025-21867, CVE-2025-38084, CVE-2025-38085 Vulnerability Details CVEID:CVE-2025-38471...

EUVD-2026-25290

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public...