65 matches found
EUVD-2026-39672
Unauthenticated SQL Injection in wpDataTables = 7.4 versions...
EUVD-2026-36522
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-49938
Fortinet FortiPortal is affected by an improper access control vulnerability (CVE-2026-49938) impacting FortiPortal versions 7.4.0–7.4.7, 7.2.0–7.2.8, and all 7.0 versions. The issue is described as improper access control with an attack vector placeholder, indicating a possible exposure where an...
CVE-2019-25735
AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...
GHSA-54PG-9963-V8VG Compromised version of intercom-client published to npm
Impact: On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...
ROS-20260505-73-0001
Vulnerability in zabbix7.4 related to the use of externally controlled input data for class selection. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260505-73-0002
Vulnerability in zabbix7.4 related to argument injection or modification. Exploitation of the vulnerability can allow an attacker to execute arbitrary commands...
CVE-2026-7429
CVE-2026-7429 affects SSCMS v7.4.0 and describes a reflected cross‑site scripting flaw in the STL processing endpoint. The vulnerability arises from improper output encoding in the /api/stl/actions/dynamic endpoint, where malicious STL template payloads can be decrypted and returned without sanit...
CVE-2026-35201
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser,...
CVE-2026-30897
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...
CVE-2025-68277
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0...
PT-2026-21824
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.4. Description: OpenEMR is an open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument method in EtherFaxActions.php allows authenticated users t...
Injection cipher-base Dependency in Jira Service Management Data Center and Server
This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Service Management Data Center and Server. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H allows...
CVE-2025-63010
Server-Side Request Forgery SSRF vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery. This issue affects Hercules Core: from n/a through = 7.4...
CVE-2025-64379 WordPress Booster for WooCommerce plugin <= 7.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booster for WooCommerce: from n/a through <= 7.4.0...
CVE-2025-57741
An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking...
Korzh EasyQuery SQL Injection Vulnerability
Korzh EasyQuery is a query builder software from Korzh. A SQL injection vulnerability exists in Korzh EasyQuery 7.4.0 and earlier versions, which stems from improper handling of files/api/easyquery/models/nwind/fetch in the Query Builder UI component, which can lead to SQL injection attacks...
@liferay/dxp-7.4 (>=71.0.0 <=71.0.2), @liferay/portal-7.4 (=69.0.0) potentially affected by CVE-2025-43761 via liferay-ckeditor (=4.18.0-liferay.4)
liferay-ckeditor NPM version =4.18.0-liferay.4 is affected by a known vulnerability. The following packages have a transitive dependency on liferay-ckeditor and may be impacted: @liferay/dxp-7.4 >=71.0.0 <=71.0.2; @liferay/portal-7.4 =69.0.0. Source CVEs: CVE-2025-43761. Source advisory:...