CVE-2022-50949 WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

CVE-2022-50944 Aero CMS 0.0.1 PHP Code Injection via posts.php

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

CVE-2022-50944

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

CVE-2022-50944 Aero CMS 0.0.1 PHP Code Injection via posts.php

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

CVE-2022-50944

Aero CMS 0.0.1 is affected by a PHP code injection vulnerability. Authenticated attackers can upload PHP files via the image parameter to the admin posts.php endpoint with source=add_post, leading to server-side code execution. The vulnerability exposes high impact on confidentiality, integrity, ...

WordPress plugin Download From Files 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

PT-2026-39503

WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...

PT-2026-39513

ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat code parameter. Attackers can authenticate, submit a POST request to...

PT-2026-39524

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code i...

PT-2026-39510

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

PT-2026-39485

WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary...

PT-2026-39473

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add post parameter,...

SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:1740-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1740-1 advisory. This update for python-Django fixes the following issues - CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header...

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVE-2026-8211

CVE-2026-8211 affects codelibs Fess up to 15.5.1. The vulnerability lies in the JSP File Handler’s AdminDesignAction.java update function, where manipulation of the content argument enables code injection. Attacks can be performed remotely, and the exploit is public. No remediation details are pr...

EUVD-2026-28920

A security flaw has been discovered in Wavlink NU516U1 M16U1V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wlPass is directly passed by the attacker/so we can control the EncrypType/wlPass results in os...

CVE-2026-42571

Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI. This attack allows any user...

CVE-2026-42562

Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/id. The endpoint directly persists the admin attribute from user input, and the escalated accou...