79 matches found

Positive Technologies
added 6 days ago · 4 views

PT-2026-44760

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 4.9 · AI score 6 · EPSS 0.00027
Exploits: 0 · References: 7

Positive Technologies
added 2026/04/17 12:00 a.m. · 4 views

PT-2026-37005

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.10. Description: An authorization bypass exists where gateway 'operator.write' message-tool paths can access Matrix profile persistence, which should require admin-level authority. This occurs due to insufficien...

CVSS 7.1 · AI score 5.8 · EPSS 0.00028
Exploits: 0 · References: 7

RedhatCVE
added 2026/02/18 7:23 a.m. · 3 views

CVE-2026-2002

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 4.4 · AI score 5.7 · EPSS 0.00033
Exploits: 0 · References: 1

NVD
added 2026/02/13 2:16 a.m. · 2 views

CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

CVSS 7.5 · EPSS 0.00017
Exploits: 0 · References: 2

OSV
added 2026/02/05 5:16 p.m. · 1 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVSS 6.8 · AI score 5.8 · EPSS 0.0001
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-16647

Malware in sbrugna...

CVSS 4.9 · AI score 5.1 · EPSS 0.00259
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-54818

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 6.6 · EPSS 0.00076
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/20 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-10296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.7.18 and earlier. Easily...

CVSS 4.9 · AI score 5.5 · EPSS 0.00452
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/20 12:00 a.m. · 2 views

PT-2025-30195 · Idnow · Idnow App

Name of the Vulnerable Software and Affected Versions: IDnow App versions up to 9.6.0. Description: A problematic issue has been identified in the IDnow App for Android, potentially leading to improper export of Android application components due to manipulation of the AndroidManifest.xml file...

CVSS 5.3 · AI score 5.3 · EPSS 0.00126
Exploits: 1 · References: 10

RedhatCVE
added 2025/05/23 8:44 a.m. · 2 views

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to the user's account, access to another account within the same context or a successful social engineering...

CVSS 5.4 · AI score 6.8 · EPSS 0.00107
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:10 p.m. · 2 views

CVE-2021-27208

When booting a Zynq-7000 SoC device from NAND flash memory, the NAND driver in the ROM does not validate the inputs when reading in any parameters in the NAND's parameter page. If a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code...

CVSS 6.8 · AI score 8 · EPSS 0.00089
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:17 a.m. · 3 views

CVE-2019-2899

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware component: OAM. Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromis...

CVSS 3.5 · AI score 4.5 · EPSS 0.0027
Exploits: 0 · References: 1

Packet Storm
added 2025/03/27 12:00 a.m. · 230 views

Geovision GV-ASManager 6.1.10 Cross Site Request Forgery

Geovision GV-ASManager versions 6.1.10 and below suffer from a cross site request forgery vulnerability. CVE-2024-56901 - A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASManager web application with the version 6.1.1.0 or less that allows attackers to arbitrarily...

CVSS 8.8 · AI score 6.7 · EPSS 0.26494
Exploits: 5

Drupal
added 2025/03/19 12:00 a.m. · 8 views

Formatter Suite - Moderately critical - Cross site scripting - SA-CONTRIB-2025-026

Formatter Suite provides a suite of field formatters to help present numbers, dates, times, text, links, entity references, files, and images. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site...

CVSS 6.1 · AI score 6.7 · EPSS 0.00387
Exploits: 0 · References: 2

CVE
added 2025/02/21 9:17 p.m. · 54 views

CVE-2019-8900

CVE-2019-8900 concerns a SecureROM vulnerability in some Apple devices that allows an unauthenticated local attacker to execute arbitrary code on boot. Exploitation requires physical access: device must be connected to a computer and booted in DFU mode; the change is not persistent across reboots...

CVSS 6.8 · AI score 7 · EPSS 0.00214
Exploits: 1 · References: 1 · Affected Software: 1

Malwarebytes
added 2025/02/19 7:20 p.m. · 4 views

Protected: zQA Content Editing Styles

This content is password protected. To view it please enter your password below: Password:...

AI score 7.4
Exploits: 0

RedHat Linux
added 2025/01/29 7:23 p.m. · 2 views

cri-o: Checkpoint restore can be triggered from different namespaces

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...

CVSS 7.4 · AI score 5.8 · EPSS 0.0031
Exploits: 0 · References: 4

ICS
added 2025/01/23 6:30 a.m. · 8 views

ABB FLXEON Controllers

Summary: An update is available that resolves a privately reported vulnerability in the product versions listed as affected in this advisory. FLXEON devices are not intended to be internet-facing. A product advisory issued in June 2023 informed customers of this parameter. An attacker can...

AI score 9.5
Exploits: 0 · References: 10

AlpineLinux
added 2025/01/20 1:29 p.m. · 9 views

CVE-2024-13176

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...

CVSS 4.1 · AI score 4.3 · EPSS 0.00075
Exploits: 0

NCSC
added 2024/11/25 9:04 a.m. · 3 views

Vulnerabilities discovered in Veritas Enterprise Vault

Vulnerabilities have been discovered in Veritas Enterprise Vault, specifically in versions earlier than 15.2. The vulnerabilities are in how Veritas Enterprise Vault handles the deserialization of untrusted data sent through a .NET Remoting TCP port. This enables malicious actors to execute...

CVSS 9.8 · AI score 7.5 · EPSS 0.0395
Exploits: 0 · References: 1