WordPress Plugin RegistrationMagic has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-23992

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

go-tuf data falsification vulnerability

go-tuf is a framework developed by The Update Framework for protecting software update systems. Versions of go-tuf from 2.0.0 to 2.3.1 had a data manipulation vulnerability due to improper configuration of the signature threshold. This vulnerability could allow unauthorized modifications to TUF...

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

EUVD-2026-3150

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wcuploadandsavesignaturehandler function in all versions up to, and including, 4.1116. This makes it possible for...

PT-2026-3171

b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpag...

WordPress plugin AffiliateX – Amazon Affiliate Plugin has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-22814

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...

HPE EdgeConnect SD-WAN Orchestrator 安全漏洞

HPE EdgeConnect SD-WAN Orchestrator is a centralized SD-WAN management platform from HPE America. It provides complete visibility and control over the WAN. A security vulnerability exists in HPE EdgeConnect SD-WAN Orchestrator that stems from the presence of stored cross-site scripting in the web...

EUVD-2026-2414

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pullrequesttarget trigger combined with checkout of untrusted PR...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview @adonisjs/lucid is a SQL ORM built on top of Active Record pattern Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the merge and fill methods, as well as record creation and update functions. An attack...

CVE-2026-22814 Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...

PT-2026-2797

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...

CVE-2019-20620

An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...

CVE-2023-4920

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobesaveoptions function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged...

PT-2026-1712

Name of the Vulnerable Software and Affected Versions WP Table Builder – Drag & Drop Table Builder plugin for WordPress versions up to and including 2.0.19 Description The WP Table Builder – Drag & Drop Table Builder plugin for WordPress has a flaw where data can be modified without proper...

rustfs 安全漏洞

rustfs is a high-performance object storage system from the RustFS open source. A security vulnerability exists in versions prior to rustfs 1.0.0-alpha.79 that stems from the use of ExportIAMAction instead of ImportIAMAction to validate permissions, which could lead to unauthorized IAM...

Kirby 安全漏洞

Kirby is a file-based content management system CMS from Kirby Open Source. A security vulnerability exists in Kirby versions 5.0.0 through 5.2.1, which stems from a lack of permission checking in the Content Change API that could lead to unauthorized changes...

CVE-2025-31963

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

CVE-2017-6917

CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed...