77 matches found

Debian CVE
added 2026/05/31 11:0 p.m. | 8 views

CVE-2026-10201

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...

4.8 CVSS | 5.3 AI score | 0.00112 EPSS
Exploits 0

NVD
added 2026/05/29 8:16 a.m. | 16 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15. This is due to insufficient output escaping in the render function, where the...

6.4 CVSS | 0.00273 EPSS
Exploits 0 | References 4

CVE
added 2026/05/14 5:30 a.m. | 13 views

CVE-2026-5243

CVE-2026-5243 affects The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress. The vulnerability is a stored XSS in the Navigation Menu Lite widget’s menu_hover_click parameter present in all versions up to 6.4.11, caused by insuf...

6.4 CVSS | 5.8 AI score | 0.00205 EPSS
Exploits 0 | References 2

Patchstack
added 2026/05/01 4:12 p.m. | 5 views

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Essential Blocks for Gutenberg versions <= 6.0.4...

6.4 CVSS | 5.8 AI score | 0.00419 EPSS
Exploits 0 | References 1 | Affected Software 1

IBM Security Bulletins
added 2026/04/24 9:48 a.m. | 9 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils

Summary There is a vulnerability in plexus-utils used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability ...

8.8 CVSS | 5.9 AI score | 0.00664 EPSS
Exploits 0 | Affected Software 1

EUVD
added 2026/04/24 2:5 a.m. | 2 views

EUVD-2026-25377

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

9.3 CVSS | 6.2 AI score | 0.00352 EPSS
Exploits 1 | References 2

CVE
added 2026/04/20 10:15 a.m. | 12 views

CVE-2026-6629

The CVE concerns Metasoft MetaCRM (up to v6.4.0) in the Interface component, specifically the file sql.jsp and its Statement.executeUpdate function. The vulnerability is a SQL injection caused by manipulation of the sql argument, enabling remote exploitation. Public exploit disclosure is noted, a...

7.5 CVSS | 6.7 AI score | 0.00259 EPSS
Exploits 0 | References 4

Vulnrichment
added 2026/03/25 12:31 a.m. | 2 views

CVE-2026-28871

A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack...

5.8 AI score | 0.00276 EPSS
Exploits 0 | References 4

SUSE CVE
added 2026/03/20 10:10 a.m. | 3 views

SUSE CVE-2025-69720

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c...

4.4 CVSS | 6.2 AI score | 0.00414 EPSS
Exploits 1 | References 9

CVE
added 2026/02/10 3:39 p.m. | 15 views

CVE-2026-21743

The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...

7.2 CVSS | 5.5 AI score | 0.00336 EPSS
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/02/10 12:0 a.m. | 7 views

PT-2026-7280

Name of the Vulnerable Software and Affected Versions Fortinet FortiAuthenticator versions 6.3 through 6.6.6 Fortinet FortiAuthenticator 6.5 all versions Fortinet FortiAuthenticator 6.4 all versions Description A missing authorization issue in FortiAuthenticator may allow a user with read-only...

7.2 CVSS | 5.4 AI score | 0.00336 EPSS
Exploits 0 | References 3

EUVD
added 2025/12/17 9:18 p.m. | 5 views

EUVD-2025-203993

ChurchCRM is an open-source church management system. A stored cross-site scripting (XSS) vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...

9.3 CVSS | 5.1 AI score | 0.00165 EPSS
Exploits 2 | References 1

CNNVD
added 2025/12/09 12:0 a.m. | 2 views

Fortinet FortiAuthenticator access control error vulnerability

Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet, Inc. An access control error vulnerability exists in Fortinet FortiAuthenticator versions 6.6.0 through 6.6.4, all versions 6.5, all versions 6.4, and all versions 6.3, which stems from improper access...

2.7 CVSS | 6.7 AI score | 0.00179 EPSS
Exploits 0 | References 2

Hacker One
added 2025/11/30 8:51 a.m. | 9 views

Revive Adserver: INI Format string injection in Revive Adserver 6.0.4 settings

Vulnerability description not provided...

2.7 CVSS | 6.8 AI score | 0.0021 EPSS
Exploits 0

Debian
added 2025/11/10 8:58 p.m. | 7 views

[BSA-126] Security Update for incus

Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID : CVE-2025-64507 It was discovered that Incus, a system container and virtual machine manager, is prone to a local privilege escalation vulnerability if unprivileged users are allowed access to Inc...

8.6 CVSS | 5.9 AI score | 0.00145 EPSS
Exploits 1

OpenVAS
added 2025/10/28 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-8af4de0f83)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS | 6.8 AI score | 0.0071 EPSS
Exploits 1 | References 9

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35450

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Taskbot taskbot allows Path Traversal. This issue affects Taskbot: from n/a through <= 6.4...

6.4 AI score | 0.00391 EPSS
Exploits 0 | References 2

CVE
added 2025/10/22 2:32 p.m. | 9 views

CVE-2025-58959

The CVE-2025-58959 entry corresponds to a path traversal flaw in WordPress Taskbot (plugin Taskbot) versions up to and including 6.4. The underlying issue is improper limitation of a pathname to a restricted directory, enabling traversal attacks. In affected reports from Red Hat/NVD/CVE listings,...

7.7 CVSS | 6.5 AI score | 0.00391 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/10/22 12:0 a.m. | 6 views

PT-2025-43267

Name of the Vulnerable Software and Affected Versions Simple User Registration versions prior to and including 6.4 Description A privilege assignment issue exists in N-Media Simple User Registration. This allows for privilege escalation. Recommendations Update Simple User Registration to a versio...

8.8 CVSS | 6.6 AI score | 0.00332 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/16 6:33 a.m. | 3 views

EUVD-2025-34715

In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execution after receiving a crafted sequence of packets...

9.2 CVSS | 6.7 AI score | 0.00466 EPSS
Exploits 1 | References 1