CVE-2026-52714

CVE-2026-52714 involves an unauthenticated broken access control in the WordPress SEO Plugin by Squirrly SEO, affected versions

CVE-2026-52711 WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

EUVD-2026-37048

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

CVE-2026-39490 WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...

CVE-2026-39490

The CVE-2026-39490 entry concerns the WordPress JupiterX Core plugin, affected at versions

EUVD-2025-210166

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

CVE-2025-68045 WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

CVE-2025-68045

CVE-2025-68045 concerns the WordPress WP Event Solution plugin, affected versions

USN-8349-3: rsync regression

USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read...

CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution

CWP Control Web Panel 0.9.8.1205 contains a remote code execution caused by shell metacharacters in the ttotal parameter in filemanager changePerm request, letting unauthenticated attackers execute code remotely, exploit requires knowledge of a valid non-root username. id: CVE-2025-48703 info:...

Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and...

CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution

CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information,...

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

Adobe ColdFusion - Arbitrary File Read

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary...

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

Adobe ColdFusion - Access Control Bypass

There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrato...

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

Ivanti ICS - Authentication Bypass

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. id: CVE-2023-46805 info: name: Ivanti ICS - Authentication Bypass author: DhiyaneshDK,daffainfo,geeknik...

Webmin <1.990 - Improper Access Control

Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without enterin...

Malicious code in pampipes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 660a84b18bd4e15af0f490d3f4bfde871b12e7912493f23d5ae7a3db10a82565 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...