Astra Linux - уязвимость в mbedtls

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtlssslsethostname...

CVE-2026-40318

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...

CVE-2026-40318

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...

CVE-2026-40322 SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

CVE-2026-40322 SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

WordPress Order Notification for WooCommerce plugin < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass vulnerability

Unauthenticated WooCommerce REST Permission Bypass vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Order Listener for WooCommerce versions 3.6.3...

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

wgcloud 安全漏洞

WGCloud is a lightweight distributed server monitoring and operation system developed by Tianshiyeben as an individual developer. Version 3.6.3 of WGCloud contains a security vulnerability. This vulnerability stems from a connection testing feature in the backend database management system, which...

CVE-2026-24564

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

CVE-2026-24564

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.3...

CVE-2026-24564 WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

WordPress plugin Textmetrics has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Raptive Ads plugin <= 3.6.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Parasimpaticki in WordPress Plugin Raptive Ads versions = 3.6.3...

SUSE CVE-2025-66491

Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intending to enable backend TLS certificate verification actually disables...

CVE-2025-66529

Cross-Site Request Forgery CSRF vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through = 3.6.3...

CVE-2025-62151 WordPress Virtuaria PagBank / PagSeguro para Woocommerce plugin <= 3.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through = 3.6.3...

CVE-2025-62151

CVE-2025-62151 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin Virtuaria PagBank / PagSeguro para Woocommerce . The issue affects versions from no details yet up to and including 3.6.3 , caused by incorrectly configured access control, enabling unauthorized ...

CVE-2025-66529 WordPress Chartify plugin <= 3.6.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through = 3.6.3...