29 matches found
CVE-2026-9148
The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...
CVE-2026-10852
CVE-2026-10852 affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty via the WebSphere WebServer Plug-in. The IBM and NVD entries describe a denial-of-service vulnerability triggered by crafted requests to the web server. Affected versions include IBM WebSphere App...
CVE-2026-7870
CVE-2026-7870 affects IBM i 7.3–7.6 (5770-SS1). Root cause: an unqualified library call (CWE-427) could let a user’s code run with administrator privileges, enabling privilege escalation. Impact: allows elevated rights, with CVSSv3.1 base score 8.8 (HIGH) — attack vector: network, complexity: low...
CVE-2026-2311
CVE-2026-2311 affects IBM i releases 7.6, 7.5, 7.4, 7.3, and 7.2. The root cause is an invalid authorization check in the IBM i Web Administration GUI, enabling privilege escalation where a malicious actor could cause user‑controlled code to execute with administrator privileges. Impact is high (...
CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
PT-2026-36207
Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.6 Description An invalid authorization check in the IBM i Web Administration GUI allows for privilege escalation. This flaw enables a malicious actor to execute user-controlled code with administrator privileges...
EUVD-2026-11945
Cross-Site Request Forgery CSRF vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through = 7.6.6...
WordPress GamiPress plugin <= 7.6.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by letchupkt in WordPress Plugin GamiPress versions = 7.6.6...
CVE-2025-68997
Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through = 7.6.43...
GHSA-P3P5-XRMV-4J6X trytond does not enforce access rights for the route of the HTML editor.
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
CVE-2025-36371
Summary: CVE-2025-36371 affects IBM i versions 7.2–7.6. The vulnerability is an information disclosure in the database plan cache implementation that could allow a user with database plan cache access to see information they are not authorized to view. Affected products/versions: IBM i 7.2, 7.3, ...
PT-2025-44724
Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.6 Description IBM i is susceptible to a privilege escalation issue stemming from an incorrect IBM i SQL services authorization check. An attacker can exploit this to leverage the privileges of another user profile...
CVE-2025-53049
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Web Administration. Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...
CVE-2024-48891
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access via...
CVE-2025-1255
Untrusted Pointer Dereference vulnerability in RTI Connext Professional Core Libraries allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9...
Fortinet FortiOS Security Fabric 安全漏洞
Fortinet FortiOS Security Fabric is a network security platform from Fortinet, Inc. A security vulnerability exists in Fortinet FortiOS Security Fabric versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all, 7.0 all, and 6.4 all, which stems from an improper assignment of privileges and could...
WordPress Plugin Link Library Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
SUSE CVE-2022-21326
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
PT-2021-6624 · Oracle +1 · Mysql Cluster +1
Name of the Vulnerable Software and Affected Versions: MySQL Cluster versions 7.4.34 and prior MySQL Cluster versions 7.5.24 and prior MySQL Cluster versions 7.6.20 and prior MySQL Cluster versions 8.0.27 and prior Description: The issue is related to a buffer overflow vulnerability in the MySQL...
CVE-2021-23005
On all 7.x and 6.x versions fixed in 8.0.0, when using a Quorum device for BIG-IQ high availability HA for automatic failover, BIG-IQ does not make use of Transport Layer Security TLS with the Corosync protocol. Note: Software versions which have reached End of Software Development EoSD are not...