64 matches found

ATTACKERKB
added 2026/05/27 9:49 a.m., 4 views

CVE-2026-42758

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 4.08.253...

CVSS 9.8 | AI score 5.8 | EPSS 0.00054
Exploits 0 | References 2

CNNVD
added 2026/05/25 12:00 a.m., 6 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions before 4.0.1, which stems from a URL query component that does not percent-encode CRLF characters, potentially resulting in HTTP request splitting...

CVSS 7.5 | AI score 5.8 | EPSS 0.00033
Exploits 1 | References 5

OSV
added 2026/05/24 11:16 p.m., 5 views

DEBIAN-CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

CVSS 3.5 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 1

NVD
added 2026/05/20 1:16 p.m., 7 views

CVE-2026-24573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

CVSS 6.5 | EPSS 0.00034
Exploits 0 | References 1

Cvelist
added 2026/05/20 12:54 p.m., 35 views

CVE-2026-24573 WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

CVSS 6.5 | EPSS 0.00034
Exploits 0 | References 1

CNNVD
added 2026/04/20 12:00 a.m., 5 views

GFI HelpDesk security vulnerability

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient sanitization of the companyname POST parameter...

CVSS 4.8 | AI score 6 | EPSS 0.00038
Exploits 0 | References 1

CVE
added 2026/04/10 6:00 a.m., 11 views

CVE-2026-4432

CVE-2026-4432 concerns the YITH WooCommerce Wishlist WordPress plugin prior to 4.13.0. Publicly exposed nonce in the /wishlist page allows unauthenticated attackers to rename any wishlist, due to insufficient ownership validation in the save_title() AJAX handler. Technical details across connecte...

CVSS 6.5 | AI score 5.9 | EPSS 0.00068
Exploits 0 | References 1

SUSE CVE
added 2026/04/08 11:29 p.m., 3 views

SUSE CVE-2026-5302

CORS misconfiguration in CoolerControl/coolercontrold 4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites...

CVSS 8.1 | AI score 5.9 | EPSS 0.00049
Exploits 1 | References 3

ATTACKERKB
added 2026/04/08 12:04 p.m., 1 view

CVE-2026-5300

Unauthenticated functionality in CoolerControl/coolercontrold 4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests...

CVSS 5.9 | AI score 5.9 | EPSS 0.00023
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2026/04/08 11:36 a.m., 1 view

CVE-2026-5208 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold

Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...

CVSS 8.2 | AI score 6.3 | EPSS 0.0036
Exploits 0 | References 2

Vulnrichment
added 2026/03/13 11:42 a.m., 0 views

CVE-2026-32364 WordPress Turbo Manager plugin < 4.0.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion. This issue affects Turbo Manager: from n/a through 4.0.8...

AI score 5.8 | EPSS 0.0017
Exploits 0 | References 1

Cvelist
added 2026/02/26 2:43 a.m., 17 views

CVE-2026-24004 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

CVSS 6.3 | EPSS 0.00103
Exploits 0 | References 1

Cvelist
added 2026/02/25 3:08 a.m., 20 views

CVE-2026-27745 SPIP interface_traduction_objets < 2.2.2 Authenticated RCE

The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

CVSS 8.8 | EPSS 0.00158
Exploits 0 | References 5

Tenable Nessus
added 2026/01/15 12:00 a.m., 1 view

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003081)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003081 advisory. The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local use...

CVSS 7.8 | AI score 6.5 | EPSS 0.19535
Exploits 5 | References 12

Vulnrichment
added 2026/01/12 10:09 p.m., 2 views

CVE-2026-22800 PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery CSRF vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs ...

CVSS 2.4 | AI score 6.2 | EPSS 0.00027
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 9:26 a.m., 3 views

CVE-2023-4158

Cross-site Scripting XSS - Stored in GitHub repository omeka/omeka-s prior to 4.0.3...

CVSS 6.4 | AI score 6 | EPSS 0.00086
Exploits 1 | References 1

CVE
added 2025/12/18 7:22 a.m., 9 views

CVE-2025-64213

CVE-2025-64213 describes an information disclosure in the WordPress plugin MasterStudy LMS Pro (styles: MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro) where sensitive data can be retrieved due to insertion of sensitive information into sent data. Affected version range is Mas...

CVSS 7.5 | AI score 6.5 | EPSS 0.00042
Exploits 0 | References 1

Cvelist
added 2025/12/09 10:44 a.m., 15 views

CVE-2025-40937

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application does not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited...

CVSS 8.7 | EPSS 0.00086
Exploits 0 | References 1

Cvelist
added 2025/10/30 9:22 p.m., 5 views

CVE-2017-20209 Nagios Fusion < 4.0.1 XSS via Users/Servers Page

Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting XSS via the Users and Servers pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.1 | EPSS 0.00478
Exploits 0 | References 2

CNNVD
added 2025/10/30 12:00 a.m., 2 views

Nagios Fusion security vulnerability

Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions prior to 4.2.0, which stems from unsanitized user input in the LDAP/AD authentication server configuration and could lead to a stored...

CVSS 6.2 | AI score 6.1 | EPSS 0.0123
Exploits 0 | References 4