PT-2026-42443
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
CVE-2026-39386
Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance: member management, room settings, broadcast control, session...
com.flowlogix:flowlogix-datamodel (>=4.0.1 <=4.0.9), com.flowlogix:flowlogix-jee (>=4.0.1 <=4.0.9) +24 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=3.1 <=3.14.12)
org.omnifaces:omnifaces MAVEN version =3.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =1.1.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =4.14.5, =4.18.1 and more Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...
WordPress plugin Grand Blog cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-3762
A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...
CVE-2026-1910 UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute
The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...
@tinacms/app (>=2.3.12 <=2.3.15), @tinacms/cli (>=2.0.0 <=2.0.3) +1 more potentially affected by CVE-2025-68278 via tinacms (>=3.0.0 <=3.1.0)
tinacms NPM version =3.0.0, =2.3.12, =2.0.0, =0.1.12, =0.1.15 Source cves: CVE-2025-68278 Source advisory: SNYK:JS-TINACMS-14535449...
CVE-2025-40765
A vulnerability has been identified in TeleControl Server Basic V3.1 All versions = V3.1.2.2 V3.1.2.3. The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform...
EUVD-2024-40615
Malicious code in bioql PyPI...
EUVD-2025-30517
Malicious code in bioql PyPI...
EUVD-2025-28121
Malicious code in bioql PyPI...
CVE-2025-9231
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...
CVE-2025-36064
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...
CVE-2025-9038 S1 Agile Privilege Escalation
Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation. This issue affects S1 Agile Configuration Software: 3.1 and previous version...
PT-2025-38727
Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation. This issue affects S1 Agile Configuration Software: 3.1 and previous version...
CVE-2025-8316
The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
Linux Distros Unpatched Vulnerability : CVE-2020-11013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. ...
WordPress MK Google Directions plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin MK Google Directions versions <= 3.1...
CVE-2024-12452
The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeoevent' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...