CVE-2026-7083

CVE-2026-7083 affects likeadmin-likeshop likeadmin_php up to 1.9.6. The vulnerability is in the function queryResult of server\app\adminapi\lists\tools\DataTableLists.php within the DataTable Admin API. This manipulation leads to a SQL injection vulnerability that can be exploited remotely. The e...

PT-2026-35349

A vulnerability has been found in likeadmin-likeshop likeadmin php up to 1.9.6. Affected by this issue is the function queryResult of the file serverappadminapiliststoolsDataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be...

EUVD-2026-19295

Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution...

CVE-2026-34148 Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...

EUVD-2026-17294

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking...

EUVD-2026-17293

SciTokens is vulnerable to SQL Injection in KeyCache...

CVE-2026-32716

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

CVE-2026-32716 SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

CVE-2026-32716 SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

CVE-2026-32716

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

CVE-2026-32716

Summary: SciTokens Enforcer prior to 1.9.6 validates scope paths with a simple prefix match, allowing a token for a path like /john to access sibling paths (/johnathan, /johnny), causing an Authorization Bypass. Affecting: SciTokens library (pre-1.9.6). Root cause: incorrect scope path validation...

CVE-2026-32716 SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

PT-2026-29184

Name of the Vulnerable Software and Affected Versions SciTokens versions prior to 1.9.6 Description SciTokens is a library for generating and using SciTokens. The Enforcer component incorrectly validates scope paths using a simple prefix match, allowing a token with access to a specific path to...

CVE-2026-22385

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through = 1.9.6...

CVE-2026-22385

CVE-2026-22385 is a Local File Inclusion (LFI) flaw in the WordPress Wolmart theme. Data from multiple sources confirms an Improper Control of Filename for Include/Require Statement in PHP, enabling LFI via Wolmart

WordPress plugin Wolmart 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-69337

CVE-2025-69337 corresponds to an SQL Injection vulnerability in the WordPress Wolmart Core plugin (wolmart-core) up to version 1.9.6. The issue is described as a Blind SQL Injection arising from improper neutralization of special elements in SQL commands. Wordfence’s vulnerability feed lists Wolm...

PT-2026-21146

Name of the Vulnerable Software and Affected Versions don-themes Wolmart Core versions through 1.9.6 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a potential SQL Injection issue. This allows for Blind SQL Injection. Th...