CVE-2026-8909

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

CVE-2026-42948

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...

PT-2026-5831

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

CVE-2025-11697

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

IPFire 跨站脚本漏洞

IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in the IPFire WebUI that originates when an administrative user prepares a malicious script and then another administrative user accesses the...

mambo -- multiple vulnerabilities

A Secunia Advisory reports: Some vulnerabilities have been reported in Mambo, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing and SQL injection attacks. Input passed to the "userrating" parameter when voting isn't properly sanitised before being...