33 matches found
CVE-2026-2519 Online Scheduling and Appointment Booking System – Bookly <= 27.0 - Unauthenticated Price Manipulation via 'tips'
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...
CVE-2026-0749
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS). This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
EUVD-2026-4876
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS). This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
@angular-devkit/build-angular (>=20.1.0 <=20.2.0-next.2), @angular/build (>=20.1.0 <=20.2.0-next.2) +59 more potentially affected by CVE-2025-58751 via vite (>=7.0.0 <=7.0.6)
vite NPM version =7.0.0, =20.1.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =19.3.2, =19.3.2, =0.0.1750946288791, =0.0.2, =0.0.7, =0.3.4 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...
Linux Distros Unpatched Vulnerability : CVE-2019-2960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.27 and prior and 8.0.17 a...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal versions 7.X- through 7.X-1.15, which stems from the inclusion of an untrusted data deserialization vulnerability...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.7.x through 9.7.5, 9.8.x through 9.8.2, and 9.9.x through 9.9.2, which stems from an inability to properly propagate privilege scheme updates...
WordPress Ultimate TinyMCE plugin <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin TinyMCE versions <= 5.7...
Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Authenticated Multiple Vulnerabilities
Authenticated Multiple Vulnerabilities discovered by Juraj Nemec in WordPress Module Loft Data Grids versions < 7.x-2.7, < 7.x-3.0...
CVE-2023-45498
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability...
CVE-2023-46376
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure...
PT-2023-32093 · Unknown +2 · Otrs Community Edition +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34 Description: An attacker who is logged into OTRS as a user with privileges to create and change customer user data may...
SUSE CVE-2009-2990
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors...
Microsoft Windows Kernel Security Vulnerability
Microsoft Windows Kernel is the kernel of the Windows operating system by Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Kernel. The following products and editions are affected: Windows 10 Version 21H1 for ARM64-based Systems, Windows 10 Version 21H1 for 32-bit...
CVE-2021-38879
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...
PT-2022-2742 · Siemens · Simatic Pcs 7 +2
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC PCS 7 version V9.0 through V9.0 SP3 UC06 SIMATIC PCS 7 version V9.1 through V9.1 SP1 UC01 SIMATIC WinCC Runtime Professional versions V16 and earlier SIMATIC WinCC Runtime Professional version...
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size which is exploited via specially crafted SQL statements.
...
PT-2022-3547 · Mendix · Mendix
Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 7 versions prior to 7.23.27 Mendix Applications using Mendix 8 versions prior to 8.18.14 Mendix Applications using Mendix 9 versions prior to 9.12.0 Mendix Applications using Mendix 9 V9.6 versions prior to...
CVE-2021-37726
A remote buffer overflow vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant IAP that address this security vulnerability...
CVE-2021-25650
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services...