9 matches found

Vulnrichment
added 5 days ago · 6 views

CVE-2026-11447 GL.iNet GL-MT3000 MTK Backend iwinfo.so iwinfo_backend command injection

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

CVSS 6.5 · AI score 6.2 · EPSS 0.01077
Exploits: 0 · References: 5

Positive Technologies
added 5 days ago · 10 views

PT-2026-47175

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN 0042e200 of the file /cgi-bin/glc of the component SET USER PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version...

CVSS 7.5 · AI score 6.8 · EPSS 0.01001
Exploits: 0 · References: 6

Positive Technologies
added 2026/05/05 12:0 a.m. · 2 views

PT-2026-36953

Name of the Vulnerable Software and Affected Versions: AWP Classifieds versions prior to 4.4.6 Description: Insufficient escaping of user-supplied parameters and lack of proper preparation in SQL queries allow unauthenticated attackers to append additional SQL queries. This issue occurs via the...

CVSS 7.5 · AI score 5.9 · EPSS 0.00171
Exploits: 0 · References: 25

Positive Technologies
added 2025/02/14 12:0 a.m. · 3 views

PT-2025-6590 · WordPress · The Return Refund/Exchange For Woocommerce – Return Management System

Name of the Vulnerable Software and Affected Versions: The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress versions up to, and including, 4.4.5 Description: The issue allows unauthenticated attackers to...

CVSS 7.5 · AI score 9.4 · EPSS 0.00317
Exploits: 0 · References: 9

Positive Technologies
added 2025/01/30 12:0 a.m. · 3 views

PT-2025-2262 · WordPress · Icontrolwp

Name of the Vulnerable Software and Affected Versions: iControlWP – Multiple WordPress Site Manager plugin for WordPress versions up to, and including, 4.4.5 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the reqpars parameter. This allows...

CVSS 9.8 · AI score 9.9 · EPSS 0.01052
Exploits: 0 · References: 10

Positive Technologies
added 2024/10/31 12:0 a.m. · 7 views

PT-2024-34645 · Yeswiki · Yeswiki

Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.4.5 Description: The use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is due to the...

CVSS 9.9 · AI score 7.2 · EPSS 0.00157
Exploits: 1 · References: 12

OSV
added 2023/10/09 6:15 p.m. · 1 views

CVE-2023-41667

Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin = 4.4.5 versions...

CVSS 8.8 · AI score 5.8 · EPSS 0.0007
Exploits: 0 · References: 1

RedHat Linux
added 2007/04/16 3:38 p.m. · 1 views

security flaw

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...

CVSS 6.8 · AI score 6.2 · EPSS 0.15431
Exploits: 1 · References: 4

RedHat Linux
added 2007/04/16 3:27 p.m. · 0 views

security flaw

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...

CVSS 6.8 · AI score 6.2 · EPSS 0.15431
Exploits: 1 · References: 4