
4 matches found

Cvelist
added 2026/04/01 12:30 a.m. · 28 views

CVE-2026-35056 XenForo Remote Code Execution via Authenticated Admin

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...

CVSS 8.6 · EPSS 0.00666
Exploits: 0 · References: 2

OSV
added 2025/09/25 3:16 p.m. · 2 views

DEBIAN-CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

CVSS 7.5 · AI score 5.8 · EPSS 0.00535
Exploits: 0 · References: 1

NVD
added 2025/04/04 4:15 p.m. · 8 views

CVE-2025-32218

Missing Authorization vulnerability in RealMag777 TableOn posts-table-filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn: from n/a through = 1.0.5.1...

CVSS 5.4 · EPSS 0.00426
Exploits: 0 · References: 1

Positive Technologies
added 2021/02/01 12:0 a.m. · 8 views

PT-2021-3618 · Django +3

Name of the Vulnerable Software and Affected Versions:
Django versions 2.2 before 2.2.18
Django versions 3.0 before 3.0.12
Django versions 3.1 before 3.1.6

Description: The issue is related to the django.utils.archive.extract method, which is used by "startapp --template" and "startproject...

CVSS 9.8 · AI score 6.5 · EPSS 0.83042
Exploits: 6 · References: 100