
80 matches found

ATTACKERKB
added 2026/05/27 12:0 a.m. | 2 views

CVE-2025-67903

Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass...

AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 3
CVE
added 2026/05/17 12:11 p.m. | 9 views

CVE-2018-25324

The CVE-2018-25324 entry concerns the WordPress plugin Simple Fields versions 0.2–0.3.5, which contains a local file inclusion (LFI) flaw via the wp_abspath parameter. Unauthenticated attackers can read arbitrary files (e.g., /etc/passwd) by injecting null bytes into wp_abspath on PHP versions be...

CVSS 6.9 | AI score 6.5 | EPSS 0.00009
Exploits: 0 | References: 4
NVD
added 2026/05/12 10:16 a.m. | 11 views

CVE-2026-22924

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...

CVSS 9.1 | EPSS 0.00051
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-26209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00085
Exploits: 1 | References: 3
CNNVD
added 2026/03/13 12:0 a.m. | 2 views

Anchore Enterprise SQL Injection Vulnerability

Anchore Enterprise is a container image security analysis and compliance management platform developed by Anchore Company in the United States. Versions of Anchore Enterprise prior to 5.25.1 contained a SQL injection vulnerability. This vulnerability stemmed from the GraphQL Reports API’s SQL...

CVSS 8.5 | AI score 5.9 | EPSS 0.00038
Exploits: 0 | References: 3
CNNVD
added 2026/03/02 12:0 a.m. | 1 views

Studio Fabryka DobryCMS Code Issue Vulnerability

Studio Fabryka DobryCMS is a content management system developed by Studio Fabryka. Versions of Studio Fabryka DobryCMS prior to version 5.0 had code vulnerabilities. These vulnerabilities stemmed from defects in the file upload functionality, which could lead to remote code execution...

CVSS 9.8 | AI score 6.1 | EPSS 0.00265
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/24 7:24 p.m. | 3 views

CVE-2026-22765

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVSS 8.8 | AI score 5.5 | EPSS 0.00062
Exploits: 0 | References: 1
NVD
added 2025/12/30 4:15 p.m. | 2 views

CVE-2025-64190

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS. This issue affects XStore Core: from n/a through 5.6...

CVSS 6.5 | EPSS 0.00024
Exploits: 0 | References: 1
CVE
added 2025/12/05 5:18 p.m. | 13 views

CVE-2025-34256

Advantech WISE-DeviceOn Server (prior to 5.4) uses a static HS512 HMAC secret to sign EIRMMToken JWTs, enabling forged tokens with a valid email claim. This allows remote, unauthenticated attackers to impersonate any DeviceOn account, including the root super admin, and obtain full administrative...

CVSS 10 | AI score 7.4 | EPSS 0.00308
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/10/31 12:30 a.m. | 1 views

EUVD-2020-30809

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly...

CVSS 8.7 | AI score 7.4 | EPSS 0.00787
Exploits: 0 | References: 3
CNNVD
added 2025/10/30 12:0 a.m. | 1 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from insufficient...

CVSS 5.4 | AI score 5.9 | EPSS 0.00501
Exploits: 0 | References: 2
Patchstack
added 2025/10/27 5:10 a.m. | 5 views

WordPress Sahifa theme < 5.8.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sahifa versions 5.8.6...

CVSS 6.5 | AI score 6.1 | EPSS 0.00031
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-3291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.20. Easi...

CVSS 8.6 | AI score 8 | EPSS 0.0045
Exploits: 0 | References: 2
Vulnrichment
added 2025/05/29 8:59 a.m. | 9 views

CVE-2025-4687 Account pre-hijacking through invite misuse

In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attacker's company without their knowledge. The victim's account a...

CVSS 7.2 | AI score 7.2 | EPSS 0.00236
Exploits: 0 | References: 1
CNNVD
added 2025/05/23 12:0 a.m. | 2 views

StrangeBee TheHive Code Issue Vulnerability

StrangeBee TheHive is an application from StrangeBee, Inc. A code issue vulnerability exists in StrangeBee TheHive versions prior to 5.5.1 that stems from server-side request forgery and could lead to access to internal resources...

CVSS 4.6 | AI score 6.9 | EPSS 0.00717
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:23 p.m. | 3 views

CVE-2021-24364

The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability...

CVSS 6.1 | AI score 5.9 | EPSS 0.02005
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 8:24 a.m. | 3 views

CVE-2019-19016

An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database...

CVSS 7.5 | AI score 7.5 | EPSS 0.0035
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/21 8:23 p.m. | 1 views

CVE-2025-39366

Incorrect Privilege Assignment vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0...

CVSS 8.8 | AI score 8.5 | EPSS 0.00254
Exploits: 0 | References: 1
CVE
added 2025/05/19 7:50 p.m. | 26 views

CVE-2025-39350

CVE-2025-39350 : WordPress wProject theme prior to 5.8.0 suffers an unauthenticated post/comment/attachment modification/deletion vulnerability. Exploitation requires no authentication, enabling an attacker to modify or delete content on vulnerable sites running wProject

CVSS 8.2 | AI score 8.5 | EPSS 0.00308
Exploits: 0 | References: 1
Cvelist
added 2025/05/19 7:40 p.m. | 9 views

CVE-2025-39365 WordPress wProject theme < 5.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps wProject allows Reflected XSS. This issue affects wProject: from n/a before 5.8.0...

CVSS 7.1 | EPSS 0.00185
Exploits: 0 | References: 1