
221 matches found

CVE
added 2026/05/25 8:19 p.m. | 12 views

CVE-2026-43827

CVE-2026-43827 affects Apache Shiro. In affected versions (1.0–2.1.0 and 3.0.0-alpha-1), an existing session is not invalidated nor a new session with a new ID issued after login, enabling session fixation. Upgraded fixes are available in 2.1.1 and 3.0.0-alpha-2 or later; apply the patch to mitig...

6.5 CVSS | 5.8 AI score | 0.00067 EPSS
Exploits 0 | References 2 | Affected Software 1
IBM Security Bulletins
added 2026/05/12 5:23 a.m. | 3 views

Security Bulletin: InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read (CVE-2026-3366)

Summary InfoSphere Optim Test Data Fabrication Resource Manager is affected by Arbitrary File Read via Path Traversal CVE-2026-3366. Vulnerability Details CVEID:CVE-2026-3366 DESCRIPTION: IBM InfoSphere Optim Test Data Fabrication could allow a remote attacker to traverse directories on the syste...

7.5 CVSS | 6 AI score | 0.00069 EPSS
Exploits 0 | Affected Software 1
CNNVD
added 2026/05/12 12:0 a.m. | 2 views

WordPress plugin Bootstrap Shortcode cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

6.4 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 1
vulnersOsv
added 2026/05/08 8:21 p.m. | 3 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +201 more potentially affected by CVE-2026-44201 via wagtail (>=1.0.0 <=7.0.0)

wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44201 Source advisory: OSV:GHSA-P5GM-92H4-6PV6...

5.3 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0
CVE
added 2026/05/08 3:20 a.m. | 9 views

CVE-2026-42264

Summary: CVE-2026-42264 affects Axios, a promise-based HTTP client for browser/Node.js. The vulnerability lies in the HTTP adapter: from 1.0.0 up to, but not including, 1.15.2, certain config properties (auth, baseURL, socketPath, beforeRedirect, insecureHTTPParser) are read via direct property a...

9.1 CVSS | 5.7 AI score | 0.00071 EPSS
Exploits 1 | References 4 | Affected Software 1
Patchstack
added 2026/04/15 4:8 a.m. | 1 views

WordPress Coachific Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'userhash' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'userhash' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Coachific Shortcode versions = 1.0...

6.4 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/04/05 12:0 a.m. | 2 views

Tenda 4G03 security vulnerability

The Tenda 4G03 is a wireless router produced by the Chinese company Tenda. The Tenda 4G03 Pro 1.0 version, 1.0re version, 01.bin version, and 04.03.01.53 version have security vulnerabilities, which stem from the use of hardcoded encryption keys...

6.9 CVSS | 6.1 AI score | 0.00013 EPSS
Exploits 0 | References 4
Cvelist
added 2026/03/25 4:14 p.m. | 24 views

CVE-2026-27076 WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion. This issue affects LuxeDrive: from n/a through = 1.0...

8.1 CVSS | 0.00056 EPSS
Exploits 0 | References 1
Github Security Blog
added 2026/03/12 2:7 p.m. | 5 views

Winter vulnerable to privilege escalation by authenticated backend users

Impact Affected versions of Winter CMS allowed authenticated backend users to escalate their account's level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security...

9.9 CVSS | 5.7 AI score | 0.00105 EPSS
Exploits 0 | References 6 | Affected Software 1
RedhatCVE
added 2026/03/09 1:59 p.m. | 0 views

CVE-2026-3730

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/modamenities/index.php?view=edit. Performing a manipulation of the argument amenid/rmtypeid results in sql injection. The attack is possible ...

9.8 CVSS | 5.7 AI score | 0.00059 EPSS
Exploits 1 | References 1
ATTACKERKB
added 2026/03/08 6:32 p.m. | 1 views

CVE-2026-3762

A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...

7.5 CVSS | 5.5 AI score | 0.00021 EPSS
Exploits 1 | References 5 | Affected Software 1
vulnersOsv
added 2026/02/25 10:59 p.m. | 1 views

@castai/n8n-nodes-kimchi (=0.0.2), @cognigy/cognigy-cli (>=1.9.7 <=2.2.7) +30 more potentially affected by CVE-2026-27795 via @langchain/community (>=1.0.0 <=1.1.16)

@langchain/community NPM version =1.0.0, =1.9.7, =0.0.1, =0.1.0, =0.2.0, =0.20.0, =0.21.0, =0.0.16, =1.4.13, =1.0.1, =1.0.0, =3.1.0, =3.1.2 and more Source cves: CVE-2026-27795 Source advisory: SNYK:JS-LANGCHAINCOMMUNITY-15354988...

7.4 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits 0
CVE
added 2026/02/20 3:46 p.m. | 5 views

CVE-2025-67970

CVE-2025-67970 is a real vulnerability in vertim Schedula schedula-smart-appointment-booking (WordPress plugin) with Broken/ Missing Authorization due to incorrectly configured access control. Affected versions are schedula-smart-appointment-booking up to and including 1.0. The Red Hat and CVE ec...

5.9 CVSS | 5.5 AI score | 0.00047 EPSS
Exploits 0 | References 1
CNNVD
added 2026/02/18 12:0 a.m. | 3 views

Doruk Wispotter security vulnerability

Doruk Wispotter is a WiFi hotspot management and marketing system developed by the Turkish company Doruk. Versions of Wispotter from 1.0 up to v2025.10.08.1 contained security vulnerabilities. These vulnerabilities were due to improper restrictions on authentication attempts and inadequate...

5.3 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 1
Patchstack
added 2026/02/17 7:40 a.m. | 2 views

WordPress Geo Widget plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Geo Widget versions = 1.0...

6.1 CVSS | 5.4 AI score | 0.00134 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/02/14 12:0 a.m. | 3 views

WordPress plugin QuestionPro Surveys cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4 CVSS | 5.6 AI score | 0.00043 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/02/03 6:47 p.m. | 2 views

CVE-2025-59482 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected...

7.3 CVSS | 6 AI score | 0.00035 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/02/03 12:0 a.m. | 1 views

PT-2026-5925

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX53 versions 1.0 through 1.3.1 Build 20241120 Description A heap-based buffer overflow exists in the tmpserver modules of TP-Link Archer AX53. This flaw allows authenticated attackers in an adjacent network to trigger a...

7.3 CVSS | 6.2 AI score | 0.00027 EPSS
Exploits 0 | References 6
Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-5933

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX53 versions 1.0 through 1.3.1 Build 20241120 Description A heap-based buffer overflow exists in the tmpserver modules of the TP-Link Archer AX53. An authenticated attacker in a nearby network can trigger a segmentation fault o...

7.3 CVSS | 6.3 AI score | 0.0001 EPSS
Exploits 0 | References 6
NVD
added 2026/01/28 7:16 p.m. | 1 views

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS. This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

6.1 CVSS | 0.00016 EPSS
Exploits 1 | References 2