WordPress Meta SEO <= 4.5.2 - Open Redirect

The WP Meta SEO WordPress plugin before 4.5.3 did not authorize several AJAX actions, which allowed low-privilege users to update certain data and resulted in an arbitrary redirect vulnerability. id: CVE-2023-0876 info: name: WordPress Meta SEO = 4.5.2 - Open Redirect author: Khalid6468 severity:...

CVE-2026-45545 Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

CVE-2026-8682

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

SourceBans Material Admin 安全漏洞

SourceBans Material Admin is a game server management panel tool developed by SourceBans Material Admin developers. Versions prior to 1.1.6 of SourceBans Material Admin contained security vulnerabilities; these vulnerabilities allowed attackers to manipulate arbitrary user data in web application...

CVE-2026-47100

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVE-2026-47100

CVE-2026-47100 affects Funnel Builder for WooCommerce Checkout (FunnelKit) prior to version 3.15.0.3. The vulnerability is a missing authorization flaw in the public checkout AJAX flow (update_order_review) that allows an unauthenticated attacker to invoke internal methods and write to the plugin...

PT-2026-40812

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description The admin orders-transactions listing page at 'admin.php? g=orders&node=transactions' constructs a raw ORDER BY SQL fragment using the sort array from the $ GET variable without validating the colum...

CVE-2026-44204 Shelf: SQL Injection via sortBy Parameter

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user any role to execute arbitrary SQL and read data from any table in the database, including data belonging to...

CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

GHSA-XHW7-J96H-C3G5 YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...

CyberPanel 访问控制错误漏洞

CyberPanel is a virtual hosting control panel developed by Usman Nasir, which includes DNS and email servers. Versions of CyberPanel prior to 2.4.4 contained an access control vulnerability. This vulnerability stemmed from an authentication bypass in the AI Scanner worker API endpoints, allowing...

Xibo CMS SQL注入漏洞

Xibo CMS is an open-source content management system for Xibo Digital Signage. Versions 1.7 to 4.4.0 of Xibo CMS have SQL injection vulnerabilities. These vulnerabilities stem from SQL injection in the dataset filtering parameters within the API routing, which may allow authorized users to access...

VulnCheck KEV: CVE-2025-2749

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...

CVE-2026-40503

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

CVE-2026-35033 Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any...

CVE-2026-33703

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

CVE-2026-33088

Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement...

CVE-2026-35046

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary...

CVE-2024-36058

The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter biblist in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database...