EUVD-2026-22319
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1,...
CVE-2026-23708
An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA...
Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise authorization issue vulnerability
Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise are security orchestration, automation, and response software developed by the American company Fortinet. There are authorization-related vulnerabilities in Fortinet FortiSOAR PaaS and FortiSOAR on-premise. These vulnerabilities stem from...
River Past Video Cleaner buffer error vulnerability
River Past Video Cleaner is a software tool developed by River Past Corporation, designed for batch conversion and repair of video formats and timestamps. Version 7.6.3 of River Past Video Cleaner contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the...
CVE-2026-25464
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through = 7.6.4...
CVE-2026-1376
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources...
IBM i security vulnerability
IBM i is an operating system developed by the American company International Business Machines (IBM), which runs on IBM Power Systems and IBM PureSystems. Version 7.6 of IBM i contains a security vulnerability. This vulnerability stems from improper resource allocation, and it could allow remote...
CVE-2026-32420
Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery. This issue affects GamiPress: from n/a through = 7.6.6...
CVE-2026-27348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography allows DOM-Based XSS. This issue affects Photography: from n/a before 7.7.6...
Odin Secure FTP Expert security vulnerability
Odin Secure FTP Expert is an FTP client software developed by Odin Secure Corporation. Version 7.6.3 of Odin Secure FTP Expert contains a security vulnerability, which stems from improper handling of site information fields, potentially leading to application crashes...
CVE-2025-13820
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...
CVE-2025-68997
Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through = 7.6.43...
CVE-2025-64205
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through <= 7.6.0...
CVE-2025-64207 WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS. This issue affects Jannah: from n/a through <= 7.6.0...
CVE-2025-64205 WordPress Jannah theme <= 7.6.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through <= 7.6.0...
@1024pix/storybook-ember (=7.1.1), @asherng/storybook (>=0.0.18 <=0.1.14) +31 more potentially affected by CVE-2025-68429 via @storybook/builder-webpack5 (>=7.0.0 <=7.6.20)
@storybook/builder-webpack5 NPM version =7.0.0, =0.0.18, =0.0.0-dev-main.202308160724, =1.6.5, =3.50.0-next.2, =9.0.0-next.3, =0.1.3, =0.0.1, =7.4.0-alpha.2.1, =8.0.0, =1.0.0-alpha.4, =0.0.3, =0.0.1, =6.0.0-canary.234, =6.0.0-canary.234, =6.0.0-canary.318 and more Source cves: CVE-2025-68429 Sour...
Fortinet FortiExtender operating system command injection vulnerability
Fortinet FortiExtender is a wireless WAN (wide area network) extender device from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiExtender versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, all versions of 7.2, and all versions of 7.0, which originates fro...
PT-2025-48977
An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests...
Linux Distros Unpatched Vulnerability : CVE-2025-66422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.7...
PT-2025-48651
The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization checks to verify ownership or access rights. Th...