Linux Distros Unpatched Vulnerability : CVE-2026-35563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the...

CVE-2026-35563 Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

CVE-2026-39648 WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through = 2.1.7...

CVE-2026-39648

CVE-2026-39648 affects the WordPress Cream Blog theme (Cream Blog) up to version 2.1.7. The issue is a Missing/Incorrectly Configured Access Control vulnerability (Missing Authorization) that allows bypassing normal authorization checks. Documents consistently describe a broken access control vul...

CVE-2026-39565 WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through = 2.1.7...

CVE-2026-39565

CVE-2026-39565 concerns a Missing Authorization vulnerability in the WordPress plugin Travelly (WPTravelly) Tour & Travel Booking Manager for WooCommerce, affecting up to version 2.1.7. Root cause is Incorrectly Configured Access Control Security Levels leading to unauthorized actions. Base CVSS ...

EUVD-2026-20211

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through = 2.1.7...

CVE-2026-39565 WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through = 2.1.7...

WordPress plugin Masteriyo LMS – Online Course Builder for eLearning, LMS & Education 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVE-2026-28791

Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join without validating that the resulting path stays within the intend...

CVE-2026-28791 Path Traversal in Media Upload Handle in Tina

Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join without validating that the resulting path stays within the intend...

CVE-2026-28791

Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join without validating that the resulting path stays within the intend...

CVE-2026-28791 Path Traversal in Media Upload Handle in Tina

Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join without validating that the resulting path stays within the intend...

PT-2026-25011

Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join without validating that the resulting path stays within the intend...

CVE-2026-3231

The Checkout Field Editor Checkout Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...

CVE-2026-25572

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process...

CVE-2026-25571

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process...

CVE-2026-25572

The CVE affects SICAM SIAPP SDK (all versions

Siemens SICAM SIAPP SDK 安全漏洞

Siemens SICAM SIAPP SDK is a software development kit from Siemens, Germany. A buffer overflow vulnerability exists in Siemens SICAM SIAPP SDK versions prior to V2.1.7. The vulnerability stems from a client-side component that does not perform a maximum length check on certain variables before us...

CVE-2025-13612

The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...