144 matches found
PT-2026-49480
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
PT-2026-49363
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...
WordPress Ditty – Responsive News Tickers, Sliders, and Lists plugin <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Ditty versions = 3.1.65...
PT-2026-42102
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current url' and 'user name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes...
WordPress MW WP Form plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Kirasec in WordPress Plugin MW WP Form versions = 5.1.2...
Vulnerabilities in Oracle Identity Manager Connector
Oracle has identified several vulnerabilities in the Oracle Identity Manager Connector version 12.2.1.4.0. These vulnerabilities allow an attacker without authentication to perform unauthorized actions through network access via HTTPS or HTTP, such as creating, deleting, or modifying critical dat...
CVE-2026-34285
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...
Oracle HTTP Server 安全漏洞
Oracle HTTP Server is a web server component of Oracle’s Fusion Middleware, developed by Oracle Corporation in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of Oracle HTTP Server contain security vulnerabilities. These vulnerabilities stem from issues with Core components, which may all...
Oracle多款产品 安全漏洞
Oracle Java SE, among others, are products of Oracle Corporation in the United States. Oracle Java SE is a tool used for developing and deploying Java applications for desktop, server, embedded devices, and real-time environments. Oracle GraalVM is a just-in-time compiler written in the Java...
Oracle Database Server 安全漏洞
Oracle Database Server is a relational database management system developed by Oracle Corporation in the United States. This database management system provides features such as data management and distributed processing. Versions of Oracle Database Server from 23.4.0 to 23.26.1 have security...
Oracle多款产品 安全漏洞
Oracle Java SE, among others, are products of Oracle Corporation in the United States. Oracle Java SE is used for developing and deploying Java applications for desktops, servers, embedded devices, and real-time environments. Oracle GraalVM for JDK is a high-performance, multi-language runtime an...
WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions = 5.3.2...
WordPress Export All URLs plugin < 5.1 - Unauthenticated Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure vulnerability discovered by Mohammad Aghdasi in WordPress Plugin Export All URLs versions 5.1...
CVE-2026-4306
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export vulnerability
WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin = 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export vulnerability discovered by abrahack in WordPress Plugin ReviewX versions = 2.2.12...
glances 安全漏洞
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the Central Browser mode, where the/api/4/serverslist endpoint returned server objects without authentication, containing...
WordPress WPBookit plugin <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin WPBookit versions = 1.0.8...
CVE-2026-2385
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting...
CVE-2019-25455 Web Ofisi E-Ticaret v3 SQL Injection via ara.html
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...
PT-2026-21439
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar pdf.php endpoint with malicious cid values to extract sensitive database...