EUVD-2026-36644
The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...
CVE-2026-27962 Authlib JWS JWK Header Injection: Signature Verification Bypass
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...
CVE-2022-25154
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability...
Samsung portable SSD T5 PC Code Issue Vulnerability
Samsung portable SSD T5 PC is official software for hard disks from Samsung (South Korea). Samsung portable SSD T5 PC software prior to version 1.6.9 contains a DLL hijacking vulnerability that a local attacker can exploit to escalate...