Lucene search

1934 matches found

CVE
added 2026/03/06 9:11 a.m., 24 views

CVE-2026-3589

CVE-2026-3589 affects the WordPress WooCommerce plugin, versions 5.4.0 through 10.5.2. The issue arises from improper handling of batch requests, enabling unauthenticated users to invoke admin-level REST endpoints and potentially create arbitrary admin users via CSRF. Evidence from multiple sourc...

7.5 CVSS, 5.9 AI score, 0.00042 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/03/06 12:0 a.m., 4 views

PT-2026-23668

Name of the Vulnerable Software and Affected Versions WooCommerce versions 5.4.0 through 10.5.2 Description The WooCommerce WordPress plugin does not properly handle batch requests, potentially allowing unauthenticated users to execute administrative actions on non-store REST endpoints. This coul...

7.5 CVSS, 6 AI score, 0.00042 EPSS
Exploits 0, References 10
Packet Storm News
added 2026/03/06 12:0 a.m., 0 views

Alkaid: Resilience to Edit Errors in Provably Secure Steganography Via Distance-Constrained Encoding

While provably secure steganography provides strong concealment by ensuring stego carriers are indistinguishable from natural samples, such systems remain vulnerable to real-world edit errors (e.g., insertions, deletions, substitutions) because their decoding depends on perfect synchronization and...

5.8 AI score
Exploits 0
GithubExploit
added 2026/03/05 12:57 a.m., 118 views

Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System

CVE-2024-2997 Scanner ...

5.4 CVSS, 6 AI score, 0.0579 EPSS
Exploits 6
CNNVD
added 2026/03/04 12:0 a.m., 1 views

Vaultwarden Security Vulnerability

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.4 contained a security vulnerability. This vulnerability stemmed from the ability of the Manager to access unauthorized collections through batch permission...

8.3 CVSS, 5.8 AI score, 0.0006 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/03/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-36138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn /...

8.1 CVSS, 7.7 AI score, 0.00369 EPSS
Exploits 0, References 2
CNNVD
added 2026/03/03 12:0 a.m., 1 views

Devolutions Server Security Vulnerability

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability caused by improper execution of...

9.8 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/03/03 12:0 a.m., 2 views

PT-2026-30181

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.0-rc1-00116-g018018a17770 Description A flaw was discovered in the Linux kernel's mm/rmap subsystem related to the restoration of page table entries (PTEs) for lazyfree folios. Specifically, when batch unmappin...

7.8 CVSS, 5.9 AI score, 0.00015 EPSS
Exploits 0, References 16
Positive Technologies
added 2026/03/03 12:0 a.m., 2 views

PT-2026-26235

Summary On Windows, the Lobster extension previously retried certain spawn failures (ENOENT/EINVAL) with shell: true for wrapper compatibility. In that fallback path, tool-provided arguments could be interpreted by cmd.exe if fallback was triggered. Affected Packages / Versions - Package: openclaw...

7 CVSS, 5.9 AI score, 0.00039 EPSS
Exploits 0, References 9
GithubExploit
added 2026/03/02 8:44 p.m., 112 views

Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System

CVE-2024-2997 Scanner ...

5.4 CVSS, 6 AI score, 0.0579 EPSS
Exploits 6
Metasploit
added 2026/03/02 6:58 p.m., 192 views

MajorDoMo Remote Command Injection via cycle_execs Race Condition

This module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs database...

9.8 CVSS, 5.8 AI score, 0.25968 EPSS
Exploits 3
Packet Storm
added 2026/03/02 12:0 a.m., 97 views

MajorDoMo Remote Command Injection / Race Condition

This Metasploit module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs...

9.8 CVSS, 5.9 AI score, 0.25968 EPSS
Exploits 3
RedhatCVE
added 2026/02/28 7:47 a.m., 4 views

CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

8.8 CVSS, 6.3 AI score, 0.00013 EPSS
Exploits 1, References 1
EUVD
added 2026/02/27 6:31 a.m., 5 views

EUVD-2026-9001

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

8.8 CVSS, 6.3 AI score, 0.00013 EPSS
Exploits 1, References 5
OSV
added 2026/02/27 5:18 a.m., 2 views

CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

8.8 CVSS, 6.3 AI score
Exploits 0, References 4
NVD
added 2026/02/27 5:18 a.m., 7 views

CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

8.8 CVSS, 0.00013 EPSS
Exploits 1, References 4
Vulnrichment
added 2026/02/27 5:2 a.m., 8 views

CVE-2026-3292 jizhiCMS Batch Model.php findAll sql injection

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

6.5 CVSS, 6.3 AI score, 0.00013 EPSS
Exploits 1, References 4
CVE
added 2026/02/27 5:2 a.m., 11 views

CVE-2026-3292

CVE-2026-3292 affects jizhiCMS up to version 2.5.6. The vulnerability is in the Batch Interface component, specifically the findAll function in frphp/lib/Model.php, where input data manipulation leads to SQL injection. It is exploitable remotely and a public exploit has been disclosed. The vendor...

8.8 CVSS, 6.4 AI score, 0.00013 EPSS
Exploits 1, References 4, Affected Software 1
ATTACKERKB
added 2026/02/27 5:2 a.m., 4 views

CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

8.8 CVSS, 6.3 AI score, 0.00013 EPSS
Exploits 1, References 4
Cvelist
added 2026/02/27 5:2 a.m., 20 views

CVE-2026-3292 jizhiCMS Batch Model.php findAll sql injection

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit ha...

6.5 CVSS, 0.00013 EPSS
Exploits 1, References 4