11 matches found

NVD
added 2026/04/08 9:16 a.m., 1 view

CVE-2026-39673

Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iZooto: from n/a through <= 3.7.20...

CVSS 5.3 | EPSS 0.0004
Exploits: 0 | References: 1
Cvelist
added 2026/04/08 8:30 a.m., 17 views

CVE-2026-39673 WordPress iZooto plugin <= 3.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iZooto: from n/a through <= 3.7.20...

CVSS 5.3 | EPSS 0.0004
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/08 12:0 a.m., 1 view

PT-2026-31235

CVE-2026-39673 Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects … https://t.co/r8NKv9SG4R...

AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/27 10:51 p.m., 2 views

CVE-2026-33661

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verify_wechat_sign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

CVSS 8.6 | AI score 5.9 | EPSS 0.00016
Exploits: 1 | References: 1
NVD
added 2026/03/26 10:16 p.m., 2 views

CVE-2026-33661

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verify_wechat_sign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

CVSS 8.6 | EPSS 0.00016
Exploits: 1 | References: 3
CVE
added 2026/03/26 9:5 p.m., 8 views

CVE-2026-33661

CVE-2026-33661 affects the yansongda/pay library prior to 3.7.20. The verify_wechat_sign() function incorrectly bypasses RSA signature verification when the PSR-7 request Host header is localhost, allowing an attacker to POST to the WeChat Pay callback with Host: localhost and forge payment succe...

CVSS 8.6 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/03/26 9:5 p.m., 1 view

CVE-2026-33661 WeChat Pay callback signature verification bypassed when Host header is localhost

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verify_wechat_sign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

CVSS 8.6 | AI score 5.9 | EPSS 0.00016
Exploits: 1 | References: 5
Snyk
added 2026/03/25 7:30 p.m., 1 view

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation via the verify_wechat_sign function. An attacker can cause unauthorized order status changes by sending a crafted HTTP request with a Host: localhost header, which bypasses signature verification and allows forging...

CVSS 8.7 | AI score 5.9 | EPSS 0.00016
Exploits: 1 | References: 2
Cvelist
added 2019/11/22 10:56 p.m., 13 views

CVE-2019-11291 RabbitMQ XSS attack via federation and shovel endpoints

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 versions prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

CVSS 3.1 | AI score 4.6 | EPSS 0.00481
Exploits: 0 | References: 2
CNVD
added 2017/09/20 12:0 a.m., 0 views

Sophos HitmanPro.Alert solution and Sophos Clean SurfRight HitmanPro security vulnerabilities

Sophos HitmanPro.Alert solution and Sophos Clean are both virus protection software from Sophos UK. SurfRight HitmanPro is one of the malware scanning tools available. A security vulnerability exists in versions prior to SurfRight HitmanPro 3.7.20 Build 286 in Sophos HitmanPro.Alert solution and...

CVSS 7.8 | AI score 7.7 | EPSS 0.00032
Exploits: 1 | References: 1
Exploit DB
added 2004/12/15 12:0 a.m., 33 views

Jef Moine abcm2ps 3.7.20 - '.ABC' File Remote Buffer Overflow

source: https://www.securityfocus.com/bid/12022/info
abcm2ps is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data into sensitive process buffers. It is reported that this...

AI score 7.4
Exploits: 0