
54 matches found

Positive Technologies
added 2026/05/29 12:0 a.m. · 5 views

PT-2026-44762

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

CVSS 7.5 · AI score 5.8 · EPSS 0.00083
Exploits: 0 · References: 2

CVE
added 2026/03/15 10:32 a.m. · 6 views

CVE-2026-4174

Radare2 had a low-severity local DoS-like issue in the Mach-O File Parser: the function walk_exports_trie in libr/bin/format/mach0/mach0.c can cause resource consumption. Affected version: 5.9.9; fix is to upgrade to 6.1.2 (patch identified as 4371ae84c99c46b48cb21badbbef06b30757aba0). A PoC exis...

CVSS 4.8 · AI score 5.2 · EPSS 0.00019
Exploits: 0 · References: 7

Cvelist
added 2026/03/15 10:32 a.m. · 34 views

CVE-2026-4174 Radare2 Mach-O File mach0.c walk_exports_trie resource consumption

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit h...

CVSS 4.8 · EPSS 0.00019
Exploits: 0 · References: 7

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-22494

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.00167
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-34999

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00483
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-3317

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.4 · EPSS 0.00394
Exploits: 1 · References: 5

Vulnrichment
added 2025/09/02 11:22 p.m. · 3 views

CVE-2025-9260 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. This makes it possible for authenticated...

CVSS 6.5 · AI score 6.9 · EPSS 0.00704
Exploits: 0 · References: 3

Positive Technologies
added 2025/09/02 12:0 a.m. · 2 views

PT-2025-35641

Name of the Vulnerable Software and Affected Versions: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress versions 5.1.16 through 6.1.1 Description: The plugin is susceptible to PHP Object Injection due to deserialization of untrusted input...

CVSS 6.5 · AI score 7.8 · EPSS 0.00704
Exploits: 0 · References: 6

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-2689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to...

CVSS 6.5 · AI score 7.4 · EPSS 0.00143
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-2705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to...

CVSS 6.5 · AI score 7.4 · EPSS 0.00123
Exploits: 0 · References: 2

OSV
added 2025/08/14 10:4 a.m. · 4 views

RHSA-2025:13685 Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.2 release and security update

Bulletin has no description...

CVSS 7.5 · AI score 7.2 · EPSS 0.01022
Exploits: 0 · References: 15

Tenable Nessus
added 2025/08/14 12:0 a.m. · 2 views

RHEL 10 / 8 / 9 : Red Hat JBoss Web Server 6.1.2 (RHSA-2025:13685)

The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13685 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised ...

CVSS 7.5 · AI score 7.8 · EPSS 0.01022
Exploits: 0 · References: 7

RedhatCVE
added 2025/05/23 9:12 a.m. · 2 views

CVE-2024-35228

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...

CVSS 5.5 · AI score 6.5 · EPSS 0.0016
Exploits: 0 · References: 1

CNNVD
added 2025/03/27 12:0 a.m. · 1 view

WordPress plugin Float menu cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 5.4 · AI score 8.5 · EPSS 0.00326
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/09 12:0 a.m. · 4 views

PT-2024-36135 · Unknown · Login Widget With Shortcode

Name of the Vulnerable Software and Affected Versions: Login Widget With Shortcode versions n/a through 6.1.2 Description: The issue is an Open Redirect vulnerability that allows phishing attacks. This vulnerability exists in the Login Widget With Shortcode and can be exploited to redirect users ...

CVSS 4.7 · AI score 7 · EPSS 0.00779
Exploits: 0 · References: 5

CNNVD
added 2024/12/09 12:0 a.m. · 1 view

WordPress plugin Login Widget With Shortcode input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 4.7 · AI score 8.3 · EPSS 0.00779
Exploits: 0 · References: 1

Github Security Blog
added 2024/06/02 10:28 p.m. · 36 views

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model. T...

CVSS 5.5 · AI score 6.3 · EPSS 0.0016
Exploits: 0 · References: 4 · Affected Software: 1

NCSC
added 2024/05/03 12:0 a.m. · 2 views

Vulnerability fixed in Apache ActiveMQ

Apache Software Foundation has fixed a vulnerability in Apache ActiveMQ. A malicious party could exploit the vulnerability to gain access to the API layer and thus access sensitive data in the application using MQ, or potentially execute arbitrary code with privileges of the application...

CVSS 8.8 · AI score 8.7 · EPSS 0.67274
Exploits: 1

NVD
added 2023/11/14 6:15 p.m. · 13 views

CVE-2023-45585

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

CVSS 3.3 · EPSS 0.00053
Exploits: 0 · References: 1

Cvelist
added 2023/11/14 6:5 p.m. · 14 views

CVE-2023-45585

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

CVSS 2.3 · AI score 4.2 · EPSS 0.00053
Exploits: 0 · References: 1