PT-2026-45703

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

PT-2026-45711

Name of the Vulnerable Software and Affected Versions JTL-Connector for WooCommerce versions prior to 2.4.2 Description The plugin contains missing authorization due to a lack of capability checks and nonce verification. This allows authenticated attackers with Subscriber-level access or higher t...

CVE-2026-30650

Vivotek FD8136 cameras (firmware FD8136-VVTK-0300a) expose a post-authentication remote buffer overflow in the /cgi-bin/admin/eventtask.cgi endpoint. An authenticated attacker can remotely execute arbitrary code with root privileges. The issue is characterized by CVE-2026-30650 with a high impact...

CVE-2026-35716

CVE-2026-35716 describes a stack-based buffer overflow in the motion_privacy.cgi binary of VIVOTEK FD8136 firmware (FD8136-VVTK-0300a). The issue occurs when an oversized n1 parameter in a POST request to endpoints /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or /cgi-bin/admin/setmd_profil...

PT-2026-45882

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description Users with only VIEW access to an MCP server can retrieve decrypted admin-managed secrets. This occurs through the endpoints "/api/mcp/servers" and "/api/mcp/servers/:serverName", where the returne...

Linux Distros Unpatched Vulnerability : CVE-2026-44825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attack...

Alf.io 安全漏洞

Alf.io is a free and open-source attendance management system developed by Alf.io. Versions of Alf.io prior to 2.0-M5-2606 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escape in the extended script engine. Combined with unprotected injection of Java object...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVE-2018-25435

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages...

CVE-2026-45279

A flaw was found in Nextcloud Server. This vulnerability allows non-admin users to perform a path traversal when the lang variable is used in the template directory configuration. An attacker can exploit this to copy arbitrary files, subject to existing Unix permissions, into their own Nextcloud...

CVE-2026-10178

A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may ...

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

CVE-2026-45631

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via improper handling of user roles in the api process. An attacker can gain unauthorized administrative privileges by sending crafted requests after authenticating as a regular user. Remediation Upgrade...

CVE-2026-10288

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

CVE-2026-40964

Cloud Foundry Foundation reports an Authentication Bypass in cf-auth-proxy that permits an unauthenticated remote attacker to read all logs and metrics for all apps and platform components by minting a JWT accepted as a valid logs.admin token. Affected: log-cache_release up to v3.2.6 (inclusive);...

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVE-2018-25435

CVE-2018-25435 describes a cross-site request forgery (CSRF) in ZeusCart 4.0 that allows an attacker to perform unauthorized admin actions on behalf of a victim. Specifically, by convincing a logged-in admin to visit attacker-controlled pages, requests to the regstatus endpoint with action=deny c...

CVE-2026-10288

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

EUVD-2026-33762

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...