WordPress ExactMetrics plugin 8.6.0-9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation

Authenticated Custom Insecure Direct Object Reference to Arbitrary Plugin Installation vulnerability discovered by Ali Sünbül in WordPress Plugin ExactMetrics versions 8.6.0-9.0.2...

EUVD-2026-11127

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...

CVE-2026-1992

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...

CVE-2025-64493

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...

CVE-2025-64493

In SuiteCRM versions 8.6.0–8.9.0, an authenticated, blind (time-based) SQL injection exists in the appMetadata operation of the GraphQL API, allowing extraction of arbitrary data without admin access. Affected component: GraphQL API, operation appMetadata. Root cause: improper handling/validation...

CVE-2025-12563 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVE-2023-34988

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

CVE-2023-34986

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

CVE-2023-34989

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

PT-2023-6021 · Fortinet · Fortiwlm

Name of the Vulnerable Software and Affected Versions: FortiWLM versions 8.5.0 through 8.5.4 FortiWLM versions 8.6.0 through 8.6.5 Description: The issue is related to an improper neutralization of special elements used in an OS command, also known as 'os command injection'. This allows an attack...

Vulnerability fixed in Atlassian Confluence

Atlassian has fixed a vulnerability in Confluence. A unauthenticated malicious person could exploit the vulnerability to cause cause a denial-of-service on the application. Atlassian has released updates to fix the vulnerability in Confluence 8.6.0, 8.5.1 and 7.19.14. For more information, see:...

Fortinet FortiWLC 缓冲区错误漏洞

The Fortinet FortiWLC is a wireless LAN controller from Fortinet. A buffer error vulnerability exists in Fortinet FortiWLC. The vulnerability stems from a boundary error in the FortiWLC's command line interface, which allows a local user to run specially crafted CLI commands to trigger access to...

Unspecified Vulnerability in Oracle Knowledge

Oracle Knowledge is the United States Oracle Oracle company's set of knowledge management solutions. Information Manager Console is one of the information management console components. A security vulnerability exists in the Information Manager Console component of Oracle Knowledge versions 8.6.0...

CVE-2020-2524

Vulnerability in the Oracle Knowledge product of Oracle Knowledge component: InQuira Search. Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of...

CVE-2019-10974

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code...

CVE-2019-10974

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code...

Zimbra Collaboration Suite mailboxd User Enumeration Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra, Inc. that includes WebMail, Calendar, Address Book, and more. mailboxd is one of the email components. A security vulnerability exists in mailboxd in ZCS versions 8.8 before 8.8.8, 8.7 before 8.7.11.Patch3, and 8.6...