Download Monitor < 4.4.5 - SQL Injection

The Download Monitor plugin for WordPress is vulnerable to SQL injection via the 'orderby' parameter in versions before 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

CVE-2026-11975

Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...

EUVD-2016-10880

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

CVE-2026-47124

CVE-2026-47124 (Nezha Monitoring) : In versions 1.4.0 through before 2.0.9, any authenticated non-admin user can connect to the server-status WebSocket and receive telemetry for all servers, including those owned by other users. The WebSocket stream bypasses per-server HasPermission checks, retur...

CVE-2026-6739 Mattermost: Delegated admins could patch protected default system roles

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-i...

CVE-2026-6739

Mattermost vulnerability CVE-2026-6739 affects multiple releases: 11.6.x &lt;= 11.6.1, 11.5.x &lt;= 11.5.4, 10.11.x &lt;= 10.11.15, and 10.11.x

CVE-2026-6739 Mattermost: Delegated admins could patch protected default system roles

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-i...

Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs

Authorities in Europe have disrupted AudiA6 , a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in illicit profits." T...

CVE-2026-11986

CVE-2026-11986 involves the Keycloak admin-ui-ext component. The root cause is that certain bulk role-removal endpoints do not perform granular permission checks when deleting role mappings, enabling a delegated administrator with limited permissions to remove highly privileged roles from other u...

CVE-2026-11986

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

Palo Alto Networks PAN-OS 跨站脚本漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. Palo Alto Networks PAN-OS has a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, and it could allow malicious authenticated administrators to use the w...

Palo Alto Networks PAN-OS 操作系统命令注入漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. Palo Alto Networks PAN-OS has a vulnerability related to command injection. This vulnerability arises from command injections, which may allow authenticated administrators to bypass system...

EUVD-2026-35464

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-9210

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0417

Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity...

CVE-2026-0418

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...

CVE-2026-0412

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

CVE-2026-0415

CVE-2026-0415 affects certain NETGEAR Orbi routers where insufficient input validation by the device allows authenticated administrators on the local network to modify router software and functionality without authorization. The description specifies that the vulnerability arises from input valid...

CVE-2026-0415 Insufficient input validation vulnerability in certain Orbi routers

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0417 Insufficient input validation in certain NETGEAR routers

Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity...