WordPress plugin divi-booster 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

EUVD-2026-10458

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

EUVD-2026-10446

The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user?initiated interaction, may allow modifications to occur without validation. Such changes coul...

EUVD-2026-10443

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API)

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVE-2026-27686

SAP Business Warehouse (Service API) is affected by CVE-2026-27686 due to a Missing Authorization Check. An authenticated attacker could use an affected RFC function module to perform unauthorized configuration and control changes, potentially disrupting request processing and causing denial of s...

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API)

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVE-2026-24311 Insecure Storage Protection vulnerability in SAP Customer Checkout 2.0

The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user?initiated interaction, may allow modifications to occur without validation. Such changes coul...

CVE-2026-24311

CVE-2026-24311 affects SAP Customer Checkout 2.0. The issue is caused by design characteristics that store operational data locally using reversible protection, allowing modifications with user interaction and no validation, potentially affecting startup behavior and impacting confidentiality and...

kernel security update

5.14.0-611.38.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

PT-2026-24162

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

Umbraco 安全漏洞

Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco from 15.3.1 to 16.5.1 and before, as well as versions prior to 17.2.2, have security vulnerabilities. These vulnerabilities stem from insufficient authorization when modifying...

SAP Business Warehouse 安全漏洞

SAP Business Warehouse is a key component of the German company SAP, used for executing business processes. It allows users to design, implement, and manage business processes, ensuring compliance with regulations and reducing the need for manual operations through automation. There is a security...

PT-2026-24487

Name of the Vulnerable Software and Affected Versions Umbraco versions 15.3.1 through 16.5.0 Umbraco version 17.2.2 Description Umbraco CMS contains a privilege escalation issue. Authenticated backoffice users with user management permissions may be able to gain elevated privileges due to...

Malicious code in hxq-misc-utils-0379 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 1e22088fbe314143f0c3eb971a645a125a9a32753184ceb5abd533ac7e60da69 This package includes an encrypted payload file that appears to be used to deliver code or resources to other packages. The payload changes betwe...

MAL-2026-1453 Malicious code in hxq-misc-utils-0379 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 1e22088fbe314143f0c3eb971a645a125a9a32753184ceb5abd533ac7e60da69 This package includes an encrypted payload file that appears to be used to deliver code or resources to other packages. The payload changes betwe...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can perform unauthorized persistent configuration changes by routing /config set or /config unset commands through an...

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVE-2026-1087 The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings,...