628 matches found

CNNVD
added 2026/05/25 12:0 a.m. | 4 views

Apache Shiro Security Vulnerability

Apache Shiro is a suite of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions 1.0 through 2.1.0 and 3.0.0-alpha-1, which stems from a session fixation...

CVSS 6.5 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 2

CVE
added 2026/05/21 8:7 a.m. | 8 views

CVE-2026-9157

The CVE-2026-9157 entry documents a vulnerability in Gmission Web Fax affecting Web Fax versions 3.0 before 3.1. It is caused by improper input validation and unrestricted upload of a file with a dangerous type, enabling Remote Code Inclusion. According to CVSS 3.1, the impact is High (C/H, I/H, ...

CVSS 8.6 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 1

NVD
added 2026/04/21 1:16 a.m. | 0 views

CVE-2026-39386

Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance: member management, room settings, broadcast control, session...

CVSS 8.8 | EPSS 0.00051
Exploits: 0 | References: 3

F5 Networks
added 2026/03/31 7:14 p.m. | 4 views

K000160557: OpenSSL vulnerability CVE-2025-69418

Security Advisory Description Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...

CVSS 4 | AI score 5.8 | EPSS 0.00009
Exploits: 1

Vulnrichment
added 2026/03/25 4:14 p.m. | 1 views

CVE-2026-25377 WordPress Addon Jobsearch Chat plugin <= 3.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection. This issue affects Addon Jobsearch Chat: from n/a through <= 3.0...

CVSS 9.3 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 1

Cvelist
added 2026/03/25 4:14 p.m. | 22 views

CVE-2026-25377 WordPress Addon Jobsearch Chat plugin <= 3.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection. This issue affects Addon Jobsearch Chat: from n/a through <= 3.0...

CVSS 9.3 | EPSS 0.00045
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/25 12:0 a.m. | 1 views

PT-2026-27928

Name of the Vulnerable Software and Affected Versions: eyecix Addon Jobsearch Chat versions n/a through 3.0. Description: The eyecix Addon Jobsearch Chat addon contains a flaw due to improper neutralization of special elements used in an SQL command, leading to a SQL injection issue. This allows for...

CVSS 9.3 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 4

CNNVD
added 2026/03/16 12:0 a.m. | 2 views

ZKTeco ZKBioSecurity Cross-Site Request Forgery Vulnerability

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to trick users into accessing...

CVSS 5.3 | AI score 5.7 | EPSS 0.00008
Exploits: 1 | References: 6

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

ZKTeco ZKBioSecurity Security Vulnerability

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains security vulnerabilities. These vulnerabilities stem from user enumeration, and could allow unverified attackers to discover valid usernames by submitting...

CVSS 9.8 | AI score 5.8 | EPSS 0.00042
Exploits: 1 | References: 4

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

ZKTeco ZKBioSecurity Security Vulnerability

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco in China. Version 3.0 of ZKTeco ZKBioSecurity contains a security vulnerability. This vulnerability stems from improper handling of file paths, which may allow attackers to access arbitrary files by modifying file paths...

CVSS 6.9 | AI score 5.9 | EPSS 0.00012
Exploits: 1 | References: 6

EUVD
added 2026/03/09 3:30 a.m. | 2 views

EUVD-2026-10285

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may...

CVSS 6.5 | AI score 5.6 | EPSS 0.00042
Exploits: 1 | References: 4

EUVD
added 2026/03/05 8:11 p.m. | 1 views

EUVD-2026-9871

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

CVSS 5.3 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/20 7:22 a.m. | 4 views

CVE-2025-12081

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acfphotogalleryeditsave" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level acce...

CVSS 4.3 | AI score 5.7 | EPSS 0.0004
Exploits: 0 | References: 1

CNNVD
added 2026/02/17 12:0 a.m. | 4 views

Sciyon Koyuan Thermoelectricity Heat Network SQL Injection Vulnerability

Sciyon Koyuan Thermoelectricity Heat Network is a heat network management system developed by the Chinese company Sciyon. Version 3.0 of Sciyon Koyuan Thermoelectricity Heat Network has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the PGUID parameter in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00042
Exploits: 0 | References: 4

CVE
added 2026/02/17 12:0 a.m. | 3 views

CVE-2026-26736

CVE-2026-26736 affects TOTOLINK A3002RU_V3 firmware version 3.0.0-B20220304.1804, where a stack-based buffer overflow is triggered via the static_ipv6 parameter in the formIpv6Setup function. The description identifies the vulnerability root cause as improper handling of input for static_ipv6, po...

CVSS 8.8 | AI score 6 | EPSS 0.00193
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2026/02/11 9:15 a.m. | 4 views

CVE-2026-1826

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 6.4 | EPSS 0.00015
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/11 8:26 a.m. | 1 views

CVE-2026-1826

The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the orderqrcode shortcode in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 6.4 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 4

CVE
added 2026/02/05 6:47 a.m. | 14 views

CVE-2026-0867

CVE-2026-0867 affects the WordPress Essential Widgets plugin (versions up to and including 3.0). The issue is Stored Cross-Site Scripting in the ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes caused by insufficient input sanitization and output escaping on user-supplied attri...

CVSS 6.4 | AI score 5.6 | EPSS 0.00014
Exploits: 0 | References: 3

CNNVD
added 2026/02/05 12:0 a.m. | 3 views

Drive Software Free Desktop Clock Security Vulnerability

Drive Software Free Desktop Clock is a clock software developed by the Drive Software company. Version 3.0 of Drive Software Free Desktop Clock contains a security vulnerability. This vulnerability stems from a stack overflow issue when entering time zone names, which may lead to the execution of...

CVSS 9.8 | AI score 6.1 | EPSS 0.00027
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/05 12:0 a.m. | 4 views

PT-2026-6570

Name of the Vulnerable Software and Affected Versions: Free Desktop Clock version 3.0. Description: Free Desktop Clock 3.0 contains a stack overflow issue in the Time Zones display name input. This allows attackers to overwrite Structured Exception Handler (SEH) registers. Exploitation involves crafti...

CVSS 9.8 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 5