Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

CVE-2026-7046

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-7046

The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress. All versions up to 9.1.12 are affected by a time-based blind SQL Injection in the 'table' parameter due to insufficient escaping and inadequate query preparation. Authenticated attackers with administrator-level access can appe...

EUVD-2026-30518

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-7046

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

SUSE CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

From Backup Restoration to Minimum Viable Factory Recovery: A Systematization of Ransomware Recovery in Manufacturing Systems

Ransomware recovery in critical manufacturing infrastructure is not only a backup-restoration problem. Production capability depends on coupled information-technology, operational-technology, physical-process, quality, logistics, identity, and supplier systems. After ransomware, a plant may rebui...

PT-2026-41338

Name of the Vulnerable Software and Affected Versions Trog::TOTP versions prior to 1.006 Description Secrets are generated using the built-in Perl rand function, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.006 or later...

phpMyFAQ SQL注入漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained an SQL injection vulnerability. This vulnerability stemmed from the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods, which inserted...

PT-2026-41712

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based versions prior to 148.0.3967.70 Description A remote code execution issue exists due to improper input validation within the browser's rendering pipeline and JavaScript engine. An unauthenticated attacker can...

PT-2026-41294

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

PT-2026-41345

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login userid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

PT-2026-41711

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A spoofing issue in Microsoft Edge Chromium-based allows attackers to affect the system. This includes a universal cross-site scripting XSS flaw—a type of vulnerability...

magento-lts 安全特征问题漏洞

Magento LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities. These vulnerabilities stemmed from the XML-RPC/SOAP API session IDs using time-based, outdated...

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleanup order in the Banner component, leading to storage-based cross-site...

PT-2026-41277

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

EUVD-2026-30483

Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...