4 matches found
CVE-2026-2626 Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing functions, allowing unauthenticated users to modify stored divi-booster plugin options. Furthermore, due to the use of unserialize on the data, this could be furth...
Listmonk Insecure Sprig Template Functions Environment Disclosure
This module exploits insecure Sprig template functions in Listmonk versions prior to v5.0.2. The env and expandenv functions are enabled by default, allowing authenticated users with campaign permissions to extract sensitive environment variables via campaign preview. Module Options msf use...
Linux Distros Unpatched Vulnerability : CVE-2016-6702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a...
Lychee SQL Injection Vulnerability
Lychee is a beautiful, easy-to-use open-source photo management system from The Lychee Organisation, used to manage and share photos. Lychee versions prior to 5.0.2 have a SQL injection vulnerability; the vulnerability stems from the component mysql/mariadb SQL injection vulnerability...