17 matches found

Cvelist
added 2026/05/14 8:24 a.m. · 34 views

CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

CVSS 7.5 · EPSS 0.00084
Exploits 0 · References 2

RedhatCVE
added 2026/04/08 7:57 p.m. · 4 views

CVE-2026-5736

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

CVSS 7.5 · AI score 5.8 · EPSS 0.00048
Exploits 0 · References 1

EUVD
added 2026/04/07 9:32 p.m. · 3 views

EUVD-2026-19896

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

CVSS 7.5 · AI score 6.9 · EPSS 0.00067
Exploits 0 · References 6

CNNVD
added 2026/04/07 12:00 a.m. · 4 views

PowerJob SQL Injection Vulnerability

PowerJob is an open-source distributed computing and job scheduling framework developed by PowerJob. It allows developers to easily schedule tasks within their applications. Versions 5.1.0, 5.1.1, and 5.1.2 of PowerJob contain SQL injection vulnerabilities. These vulnerabilities stem from incorre...

CVSS 7.5 · AI score 7.2 · EPSS 0.00048
Exploits 0 · References 7

NVD
added 2026/03/03 8:16 p.m. · 4 views

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

CVSS 7.5 · EPSS 0.00043
Exploits 0 · References 1

CNNVD
added 2026/03/03 12:00 a.m. · 6 views

IBM DataStage on Cloud Pak for Data Operating System Command Injection Vulnerability

IBM DataStage on Cloud Pak for Data is an enterprise-level data integration solution provided by IBM Corporation. Versions 5.1.2 to 5.3.0 of IBM DataStage on Cloud Pak for Data contain an operating system command injection vulnerability. This vulnerability stems from improper input validation in...

CVSS 8.8 · AI score 6.1 · EPSS 0.00054
Exploits 0 · References 1

CNNVD
added 2026/03/03 12:00 a.m. · 2 views

IBM DataStage on Cloud Pak for Data Operating System Command Injection Vulnerability

IBM DataStage on Cloud Pak for Data is an enterprise-level data integration solution provided by IBM Corporation. Versions 5.1.2 to 5.3.0 of IBM DataStage on Cloud Pak for Data contain an operating system command injection vulnerability. This vulnerability stems from improper input validation in...

CVSS 8.8 · AI score 6.1 · EPSS 0.00054
Exploits 0 · References 1

OSV
added 2026/02/25 6:16 a.m. · 2 views

CVE-2026-3179

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...

CVSS 8.1 · AI score 6.1 · EPSS 0.00671
Exploits 0 · References 1

IBM Security Bulletins
added 2026/02/06 2:43 p.m. · 5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment (CVE-2025-13689)

Summary: Runtime environment is used by DataStage on Cloud Pak for Data as part of upload file processing. Vulnerability Details: CVEID: CVE-2025-13689. DESCRIPTION: DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive informatio...

CVSS 8.8 · AI score 5.7 · EPSS 0.0003
Exploits 0 · Affected Software 1

NVD
added 2025/11/01 6:15 a.m. · 3 views

CVE-2025-12090

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 · EPSS 0.00032
Exploits 0 · References 2

Cvelist
added 2025/11/01 5:40 a.m. · 4 views

CVE-2025-12090 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 · EPSS 0.00032
Exploits 0 · References 2

Positive Technologies
added 2023/11/14 12:00 a.m. · 2 views

PT-2023-7755 · Fortinet · Fortiwan

Name of the Vulnerable Software and Affected Versions: FortiWAN versions 5.1.1 through 5.1.2; FortiWAN versions 5.2.0 through 5.2.1. Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'path traversal' vulnerability. This may allow an...

CVSS 8.8 · AI score 8.6 · EPSS 0.00627
Exploits 0 · References 7

CNVD
added 2019/09/29 12:00 a.m. · 2 views

Couchbase Server Cross-Site Scripting Vulnerability

Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase, which mainly supports data query, full-text search, active global replication and other functions. A cross-site scripting vulnerability exists in Couchbase Server versions 5.5.0 and...

CVSS 6.1 · AI score 6.3 · EPSS 0.00185
Exploits 0 · References 1

CNVD
added 2015/05/15 12:00 a.m. · 1 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability

Fortinet FortiWeb is a web application layer firewall from the U.S. company Fortinet that provides protection, load balancing and acceleration for web applications and for the information exchanged between them and databases. A cross-site scripting vulnerability in Fortinet FortiWeb versions 5.1.2 through 5.3.4 allo...

CVSS 4.3 · AI score 5.8 · EPSS 0.00263
Exploits 0 · References 1

RedHat Linux
added 2011/07/21 9:22 a.m. · 2 views

sysstat insecure temporary file usage

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...

CVSS 4.4 · AI score 6 · EPSS 0.00148
Exploits 0 · References 4

RedHat Linux
added 2006/07/27 8:05 p.m. · 2 views

security flaw

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed...

CVSS 4.3 · AI score 7.5 · EPSS 0.18154
Exploits 1 · References 4

RedHat Linux
added 2006/04/25 2:33 p.m. · 3 views

security flaw

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed...

CVSS 4.3 · AI score 7.5 · EPSS 0.18154
Exploits 1 · References 4