CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

PT-2025-46203

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.2.0 through 3.2.4 OpenEXR versions 3.3.0 through 3.3.5 OpenEXR versions 3.4.0 through 3.4.2 Description OpenEXR is an image storage format used in the motion picture industry. A use-after-free condition exists in the PyObjec...

WordPress Plugin Ultimate Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-43193

Name of the Vulnerable Software and Affected Versions Ultimate Blocks versions through 3.3.6 Description The software contains a flaw related to improper input handling during web page creation, which can lead to Cross-site Scripting XSS. This allows for the injection of malicious scripts into we...

WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Lucio Sá in WordPress Plugin AliNext versions = 3.3.6...