K000160857: Appliance mode iControl REST vulnerability CVE-2026-34176

Security Advisory Description When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. CVE-2026-34176 Impact In Appliance mode, this...

CVE-2026-42950

The CVE-2026-42950 entry concerns ELECOM wireless LAN access point devices where the language parameter can be given an inappropriate value. The underlying issue may cause the admin page in the user’s web browser to become broken if a logged-in user visits a malicious page. Documented impact is b...

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

CVE-2026-42948

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...

MAL-2026-3688 Malicious code in d4rktg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3348d9f4bb35442b1de902c35ca46292f9336a8f83ac8deb7e870b2cd6af9019 The library's sole authorization primitive, CustomFilters.authorize in d4rk/Utils/filters.py, OR's the installer-supplied ownerid and sudousers list...

CVE-2025-9989

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-9989 Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2025-9989

CVE-2025-9989 – Broadstreet WordPress plugin : The vulnerability affects Broadstreet plugin versions

CVE-2025-9989

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

EUVD-2025-209820

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVE-2026-7619

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2026-7635

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...

CVE-2026-7619 Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2025-61972

The CVE-2025-61972 entry describes a vulnerability in AMD NBIO where missing lock bit protection on NBIO registers can be exploited by a local admin with high privileges to gain arbitrary System Management Network (SMN) access. This can potentially lead to arbitrary code execution within the AMD ...

CVE-2025-61972

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in arbitrary code execution in AMD Secure Processor ASP and loss of the SEV-SNP guest's confidentiality and integrity...

EUVD-2025-209811

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

CVE-2025-61971

The CVE-2025-61971 entry concerns missing lock bit protection for NBIO registers in AMD systems, enabling a locally privileged attacker to modify MMIO routing configurations and potentially compromise SEV-SNP guest integrity. Connected sources confirm affected component as NBIO registers and MMIO...

CVE-2025-61971

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...