41 matches found
PT-2026-28649
Name of the Vulnerable Software and Affected Versions: plank/laravel-mediable versions through 6.4.0 Description: The software is susceptible to arbitrary file upload when it accepts or prefers a client-supplied MIME type during file upload handling. An attacker can submit a file containing...
CVE-2025-54820
A Stack-based Buffer Overflow vulnerability (CWE-121) in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is...
org.glassfish.mq:mq-client (>=6.4.0 <=6.8.0), org.glassfish.mq:mq-cluster (>=6.4.0 <=6.8.0) +13 more potentially affected by CVE-2026-24457 via org.glassfish.mq:mqbroker-comm (>=6.4.0 <=6.8.0)
org.glassfish.mq:mqbroker-comm MAVEN version =6.4.0, =6.8.0 Source CVEs: CVE-2026-24457 Source advisory: SNYK:JAVA-ORGGLASSFISHMQ-15468292...
WordPress plugin Business Directory Plugin – Easy Listing Directories SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
Fortinet FortiOS information disclosure vulnerability
Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content...
CVE-2025-13497
CVE-2025-13497: The Recras WordPress plugin is affected by a Stored Cross‑Site Scripting (XSS) flaw via the shortcode attribute recrasname. The issue is exploitable by authenticated attackers with at least Contributor privileges to inject web scripts that execute when users visit the injected p...
CVE-2025-67596
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery. This issue affects Business Directory: from n/a through <= 6.4.19...
PT-2025-43276
Name of the Vulnerable Software and Affected Versions: AmentoTech Taskbot versions through 6.4 Description: AmentoTech Taskbot contains a flaw related to improper limitation of a pathname to a restricted directory, which allows for path traversal. This could potentially allow an attacker to access...
CVE-2023-23778
A relative path traversal vulnerability (CWE-23) in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...
CVE-2022-21591
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: UI Infrastructure. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2022-39409
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Business Process Automation. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
IBM Sterling Control Center security vulnerability
IBM Sterling Control Center is a centralized monitoring and management application system from International Business Machines (IBM), Inc. A security vulnerability exists in IBM Sterling Control Center versions 6.2.1, 6.3.1, and 6.4.0 that originates from a web page that can be stored...
Fortinet FortiSIEM security vulnerability
Fortinet FortiSIEM is a security information and event management system from Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. A security vulnerability exists in Fortinet FortiSIEM that stems from improper authorization and could allow a...
WordPress wp-Monalisa plugin <= 6.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin wp-Monalisa (versions <= 6.4)...
PT-2024-32542 · Elementor · Elementsready Addons For Elementor
Name of the Vulnerable Software and Affected Versions: ElementsReady Addons for Elementor versions n/a through 6.4.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
WordPress plugin Weaver Xtreme Theme Support security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-35431
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1...
CVE-2024-32706
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms. This issue affects ARForms: from n/a through 6.4...
WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability
Subscriber+ Arbitrary WordPress Options Removal vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin ARForms (versions <= 6.4)...
VulnCheck KEV: CVE-2024-32703
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms. This issue affects ARForms: from n/a through <= 6.4...