Splunk AI Toolkit Security Vulnerability
The Splunk AI Toolkit is a machine learning and artificial intelligence analysis toolkit developed by Splunk for their own platform. Versions of the Splunk AI Toolkit prior to 5.7.3 contained security vulnerabilities. These vulnerabilities stemmed from modifications to the srchFilter entry in the...
CVE-2026-40786
Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <= 5.7.3...
WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhan Luo in WordPress Plugin MyRewards versions <= 5.7.3...
CVE-2026-40786 WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <= 5.7.3...
CVE-2026-40786
CVE-2026-40786 corresponds to a Missing Authorization vulnerability in the WordPress MyRewards plugin (woorewards) with affected versions cited as ≤ 5.7.3 and a potential impact from misconfigured access control levels. Multiple connected sources (RH, NVD, CVE lists, PATCHSTACK, PT-SEC) consisten...
PT-2026-33052
Name of the Vulnerable Software and Affected Versions: MyRewards versions prior to 5.7.4 Description: Incorrectly configured access control security levels lead to a missing authorization issue in the MyRewards plugin, which allows for the exploitation of security levels. Recommendations: Update to ...
EUVD-2026-5158
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
WordPress Essential Blocks plugin <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure vulnerability
Missing Authorization To Authenticated (Author+) Information Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Essential Blocks for Gutenberg versions <= 5.7.2...
CVE-2020-36867
Nagios XI before 5.7.3 has a command-injection vulnerability in the report PDF download/export path. User-supplied values in the PDF generation pipeline or the wrapper invoking offline/pdf tools are not sufficiently validated/escaped, allowing an authenticated attacker who can trigger PDF exports...
EUVD-2020-7876
Malware in sbrugna...
WordPress JoomSport plugin <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion vulnerability
Unauthenticated Directory Traversal to Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin JoomSport versions <= 5.7.3...
CVE-2020-15903
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3...
CVE-2024-54299
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in revidev Revi.io revi-io-customer-and-product-reviews allows Reflected XSS. This issue affects Revi.io: from n/a through <= 5.7.3...
WordPress plugin Revi.io Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...
PT-2024-36180 · Revi.Io · Revi.Io
Name of the Vulnerable Software and Affected Versions: Revi.io versions n/a through 5.7.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For versions n/a through...
PT-2023-8830 · WordPress · Podlove Web Player
Name of the Vulnerable Software and Affected Versions: Podlove Web Player versions through 5.7.3 Description: The issue is related to insufficient authorization procedures in the Podlove Web Player plugin for WordPress, allowing a remote attacker to impact the integrity and confidentiality of...
Debian: Security Advisory (DLA-3270-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Zoom Client < 5.7.3 SSRF Vulnerability (ZSB-21021)
Zoom Client is prone to a server-side request forgery (SSRF) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...
Server side request forgery (ssrf)
The Zoom Client for Meetings before version 5.7.3 for Android, iOS, Linux, macOS, and Windows contains a server side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicious actor...
WordPress 5.7.x < 5.7.3 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A data exposure vulnerability within the REST API. - A Lodash library prior to 4.17.21 vulnerability. Note that the scanner has not tested for these issues but has instead...