CVE-2025-9989

CVE-2025-9989 – Broadstreet WordPress plugin : The vulnerability affects Broadstreet plugin versions

CVE-2026-7619 Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2026-7635

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...

CVE-2026-7619

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2025-61972

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in arbitrary code execution in AMD Secure Processor ASP and loss of the SEV-SNP guest's confidentiality and integrity...

CVE-2025-61972

The CVE-2025-61972 entry describes a vulnerability in AMD NBIO where missing lock bit protection on NBIO registers can be exploited by a local admin with high privileges to gain arbitrary System Management Network (SMN) access. This can potentially lead to arbitrary code execution within the AMD ...

EUVD-2025-209811

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

CVE-2025-61971

The CVE-2025-61971 entry concerns missing lock bit protection for NBIO registers in AMD systems, enabling a locally privileged attacker to modify MMIO routing configurations and potentially compromise SEV-SNP guest integrity. Connected sources confirm affected component as NBIO registers and MMIO...

CVE-2025-61971

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

EUVD-2026-29878

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

EUVD-2026-29879

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

ANTI-FLUFF

PENTESTINGMETHS Main view example: Web Application As...

PT-2026-40815

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description An Authenticated Server-Side Template Injection SSTI exists in multiple modules, including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied...

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software enable an authenticated administrator t...

PT-2026-40806

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

AMD多款产品 安全漏洞

AMD EPYC is a high-performance server processor developed by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities could allow local administrator attackers to gain arbitrary system management network access, potentially enabling them to...

CVE-2025-27852

CVE-2025-27852 affects Garmin WDU’s locally served web UI (v1.1.4.6 and v2.5.0) exposing a reflected XSS flaw in the web interface. The vulnerability allows an attacker on the same local network to trigger arbitrary JavaScript execution within the WDU page by visiting a specific URL and then clic...

CVE-2025-27852

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

quark-auto-save 安全漏洞

Quark-auto-save is a personal development tool created by Cp0204, designed for automatic transfer of data to Quark Cloud Storage and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained security vulnerabilities. These vulnerabilities stemmed from a batch assignment...

CubeCart 代码注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from authenticated server-side template injections in multiple modules. The application insecurely evaluated inputs provided by...