
51 matches found

CNNVD
added 6 days ago | 4 views

Bylancer Zechat SQL injection vulnerability

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the uname parameter,...

8.8 CVSS | 5.9 AI score | 0.00065 EPSS
Exploits 0 | References 4

OSV
added 2026/05/26 2:17 p.m. | 4 views

JLSEC-2026-524

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9 CVSS | 6.5 AI score | 0.00844 EPSS
Exploits 0 | References 24

Positive Technologies
added 2026/03/07 12:0 a.m. | 2 views

PT-2026-23871

Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 1.5.0. Description: Netmaker, a networking tool utilizing WireGuard, contains an issue where a user with the platform-user role can access WireGuard private keys for all configurations within a network. This occurs...

9.9 CVSS | 5.8 AI score | 0.07313 EPSS
Exploits 68 | References 139

CVE
added 2026/02/20 3:46 p.m. | 4 views

CVE-2025-69395

CVE-2025-69395 is a confirmed WordPress ThemeGable Local File Inclusion in ThemeREX Gable (versions

8.1 CVSS | 5.6 AI score | 0.00056 EPSS
Exploits 0 | References 1

CNNVD
added 2026/02/20 12:0 a.m. | 4 views

WordPress plugin Ironfit security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits 0 | References 1

NVD
added 2026/02/10 5:16 p.m. | 2 views

CVE-2025-32467

Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access wh...

5.6 CVSS | 0.00017 EPSS
Exploits 0 | References 1

UbuntuCve
added 2026/01/22 10:16 p.m. | 1 views

CVE-2026-24117

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...

5.3 CVSS | 6 AI score | 0.00016 EPSS
Exploits 0 | References 4

CVE
added 2026/01/22 4:52 p.m. | 4 views

CVE-2026-22458

CVE-2026-22458 corresponds to a Missing Authorization vulnerability in Mikado-Themes Wanderland Wanderland WordPress theme. Public documents consistently describe it as an “Incorrectly Configured Access Control Security Levels” issue affecting Wanderland versions from n/a up to and including 1.5....

4.3 CVSS | 5.4 AI score | 0.00014 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 3 views

PT-2026-3913

Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.5.0. Description: Horilla is a Human Resource Management System (HRMS). The has xss function in version 1.4.0 attempts to prevent Cross-Site Scripting (XSS) by using regular expressions to filter input. However, these...

5.4 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits 1 | References 11

Positive Technologies
added 2026/01/22 12:0 a.m. | 2 views

PT-2026-4298

Name of the Vulnerable Software and Affected Versions: Rekor versions 1.4.3 and below. Description: Rekor is a software supply chain transparency log. A Server-Side Request Forgery (SSRF) exists in versions 1.4.3 and below due to the /api/v1/index/retrieve endpoint supporting retrieval of a public key...

5.3 CVSS | 5.4 AI score | 0.00016 EPSS
Exploits 0 | References 17

Positive Technologies
added 2026/01/22 12:0 a.m. | 4 views

PT-2026-3912

Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recruitment/recruitment-details// endpoint without authentication. The response includes draft job titles, descriptions and application link allowing...

5.3 CVSS | 5.4 AI score | 0.00067 EPSS
Exploits 1 | References 4

OSV
added 2026/01/05 8:25 p.m. | 1 views

GHSA-6G8Q-HP2J-GVWV Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer

Impact: Projects using the SUSE Virtualization Harvester environment are vulnerable to this exploit if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utiliz...

9.8 CVSS | 6.9 AI score | 0.00026 EPSS
Exploits 0 | References 4

CVE
added 2025/12/31 8:48 p.m. | 8 views

CVE-2015-10145

Gargoyle router management utility versions 1.5.x expose an authenticated OS command execution vulnerability in /utility/run_commands.sh due to improper validation of the commands parameter. An authenticated attacker can execute arbitrary shell commands on the device, potentially leading to full ...

8.8 CVSS | 7.4 AI score | 0.00111 EPSS
In wild | Exploits 1 | References 4 | Affected Software 1

CNNVD
added 2025/12/20 12:0 a.m. | 3 views

WordPress plugin Quran Gateway cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

4.3 CVSS | 6.4 AI score | 0.00011 EPSS
Exploits 0 | References 4

EUVD
added 2025/12/16 9:31 a.m. | 1 views

EUVD-2025-203539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS. This issue affects Salient Shortcodes: from n/a through = 1.5.4...

6.5 CVSS | 5.5 AI score | 0.00029 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/10/27 1:33 a.m. | 1 views

CVE-2025-62896 WordPress Multilang Contact Form plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS. This issue affects Multilang Contact Form: from n/a through = 1.5...

7.1 CVSS | 6.3 AI score | 0.00016 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-27715

Malicious code in bioql PyPI...

9.3 CVSS | 9.3 AI score | 0.00223 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/09/17 5:45 p.m. | 1 views

CVE-2025-59155

hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...

6.9 CVSS | 6.9 AI score | 0.00091 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/09/09 12:0 a.m. | 1 views

KB5065430: Windows 10 LTS 1507 Security Update (September 2025)

The remote Windows host is missing security update 5065430. It is, therefore, affected by multiple vulnerabilities - SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make t...

9.8 CVSS | 9.2 AI score | 0.00406 EPSS
Exploits 4 | References 31

Vulnrichment
added 2025/08/21 12:1 a.m. | 3 views

CVE-2025-27214

A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...

6.9 AI score | 0.0007 EPSS
Exploits 0 | References 1