12 matches found
CVE-2026-40793
CVE-2026-40793 concerns the WordPress Groundhogg plugin (versions earlier than 4.4.1) with a Broken Access Control vulnerability. The public description identifies the issue as a subscriber-level access control flaw in Groundhogg < 4.4.1. The connected documents corroborate that the vulnerabil...
Xibo Security Vulnerability
Xibo is a digital signage content management tool developed by Dan Garner. Versions of Xibo prior to 4.4.1 contained security vulnerabilities. These vulnerabilities allowed any authenticated user to manually construct URLs to preview activities/areas and export saved reports belonging to other...
CVE-2025-59706
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...
CVE-2025-59707
Affected software: N2W. Vulnerable versions: before 4.3.2 and 4.4.x before 4.4.1. Root cause: a spoofing vulnerability that can lead to remote code execution and theft of account credentials. Impact: potential RCE and credential exposure as described in multiple sources (Red Hat and ENISA entries...
CVE-2025-59706
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002837)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002837 advisory. The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO...
GO-2026-4275 Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-plugin-jira
Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-plugin-jira. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...
Convoy Security Vulnerability
Convoy is a modern open source platform from Convoy tailored for hosting providers and enthusiasts. A security vulnerability exists in Convoy versions prior to 4.4.1 that stems from a directory traversal vulnerability in the LocaleController component...
Dell Wyse Management Suite < 4.4.1 Multiple Vulnerabilities (DSA-2024-440)
The version of Dell Wyse Management Suite installed on the remote host is prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the DSA-2024-440 advisory. - Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could...
NextGen Mirth Connect Security Breach
NextGen Mirth Connect is a healthcare integration engine from NextGen USA. A security vulnerability exists in versions of NextGen Mirth Connect prior to 4.4.1 that stems from vulnerability to unauthenticated remote code execution attacks...
TYPO3 FLUID Templating Engine Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system and framework (CMS/CMF) of the Swiss TYPO3 Association. FLUID Templating Engine is one of the templating engines. A cross-site scripting vulnerability exists in FLUID Templating Engine in TYPO3 versions prior to 4.3.4 and 4.4.x versions prior to...
EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1492)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked...