CVE-2025-61971

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

EUVD-2026-29879

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

EUVD-2026-29878

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

ANTI-FLUFF

PENTESTINGMETHS Main view example: Web Application As...

PT-2026-40560

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

PT-2026-40815

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description An Authenticated Server-Side Template Injection SSTI exists in multiple modules, including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied...

PT-2026-40801

Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A mass assignment issue exists in the "POST /update" endpoint. Authenticated attackers can overwrite administrator credentials by submitting an arbitrary webui object to the config data dictionar...

PT-2026-40797

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a reflected cross site scripting XSS attack, which is a technique where a malicious script is reflected off a web application to the victim's browse...

PT-2026-40791

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An Editor can overwrite a dashboard they do not own to acquire admin privileges for that specific dashboard. This privilege escalation requires the user to have...

PT-2026-40627

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

PT-2026-40844

Name of the Vulnerable Software and Affected Versions Argo CD versions prior to 3.2.12 Argo CD versions prior to 3.3.10 Argo CD versions prior to 3.4.2 Description A stored cross-site scripting XSS issue exists in the application Summary tab. A user with application write access developer role ca...

CubeCart 代码注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from authenticated server-side template injections in multiple modules. The application insecurely evaluated inputs provided by...

PT-2026-40600

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

PT-2026-40710

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...

quark-auto-save 安全漏洞

Quark-auto-save is a personal development tool created by Cp0204, designed for automatic transfer of data to Quark Cloud Storage and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained security vulnerabilities. These vulnerabilities stemmed from a batch assignment...

AMD多款产品 安全漏洞

AMD EPYC is a high-performance server processor developed by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities could allow local administrator attackers to gain arbitrary system management network access, potentially enabling them to...

Huawei HG630 信任管理问题漏洞

The Huawei HG630 is a home broadband wireless router gateway device produced by the Chinese company Huawei. The Huawei HG630 V2 has a trust management vulnerability; this issue stems from an authentication bypass mechanism, which allows unauthorized attackers to obtain administrative access by...

PT-2026-40748

Name of the Vulnerable Software and Affected Versions Prisma Browser on macOS affected versions not specified Description A code injection issue exists where the software fails to properly restrict access to its AppleScript interface. This allows a locally authenticated non-admin user to use an...

PT-2026-40770

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Prisma Access Agent affected versions not specified Description A flaw in the privilege management mechanism allows a locally authenticated non-administrative user to escalate privileges to root on macOS and Linux, or NT...

WordPress plugin ultimate-member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...