5921 matches found

CNNVD
added 2026/05/23 12:0 a.m. | 5 views

WordPress plugin Wishlist Member security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 8.8 | AI score 6 | EPSS 0.00044
Exploits: 0 | References: 3
CNNVD
added 2026/05/23 12:0 a.m. | 8 views

WordPress plugin WooCommerce PayPal Payments security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.2 | AI score 5.8 | EPSS 0.00077
Exploits: 0 | References: 7
NVD
added 2026/05/22 5:16 p.m. | 10 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 | EPSS 0.00039
Exploits: 1 | References: 1
NVD
added 2026/05/22 4:16 p.m. | 6 views

CVE-2026-9223

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

CVSS 4.3 | EPSS 0.00031
Exploits: 0 | References: 1
Snyk
added 2026/05/22 3:39 p.m. | 6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the FormManager::create function. An attacker can access and exfiltrate sensitive database contents, including user credentials, by injecting arbitrary SQL statements through crafted input to the bnidnature parameter...

CVSS 9.8 | AI score 6
Exploits: 0 | References: 2
GithubExploit
added 2026/05/22 2:18 p.m. | 47 views

Exploit for CVE-2026-36226

CVE-2026-36226: Advantech WebAccess/SCADA Create New Project U...

AI score 5.9 | EPSS 0.00039
Exploits: 1
OSV
added 2026/05/22 1:19 p.m. | 5 views

OESA-2026-2414 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

CVSS 8.8 | AI score 6.5 | EPSS 0.0008
Exploits: 0 | References: 9
OSV
added 2026/05/22 1:19 p.m. | 3 views

OESA-2026-2413 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

CVSS 8.8 | AI score 6.5 | EPSS 0.0008
Exploits: 0 | References: 9
CVE
added 2026/05/22 12:0 a.m. | 27 views

CVE-2026-36226

CVE-2026-36226 affects Advantech WebAccess/SCADA 8.0-2015.08.16. A cross-site scripting flaw resides in the Admin Dashboard’s Create New Project User component, where unsanitized input in the decryption field can be rendered and execute JavaScript in an authenticated user’s browser context. Docum...

CVSS 6.1 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 1
EUVD
added 2026/05/22 12:0 a.m. | 7 views

EUVD-2026-31474

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 1
ATTACKERKB
added 2026/05/22 12:0 a.m. | 4 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 2
Positive Technologies
added 2026/05/22 12:0 a.m. | 7 views

PT-2026-42810

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.4 Description An unauthenticated SQL injection exists in the Bazar form-import functionality. An unauthenticated visitor can inject arbitrary SQL into an INSERT statement via the FormManager::create function. This...

CVSS 9.8 | AI score 6
Exploits: 0 | References: 7
Positive Technologies
added 2026/05/22 12:0 a.m. | 7 views

PT-2026-42803

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

CVSS 6.1 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 1
Ubuntu
added 2026/05/21 8:39 p.m. | 9 views

USN-8294-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

CVSS 8.8 | AI score 6.3 | EPSS 0.0008
Exploits: 0
OSV
added 2026/05/21 8:39 p.m. | 2 views

USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

CVSS 8.8 | AI score 6.3 | EPSS 0.0008
Exploits: 0 | References: 12
vulnersOsv
added 2026/05/21 7:28 p.m. | 2 views

apify (=3.0.0rc1), bagit-create (>=1.2.0 <=1.4.4) potentially affected by CVE-2026-46497 via crawlee (>=1.0.0rc1 <=1.1.0)

crawlee PYPI version =1.0.0rc1, =1.2.0, =1.4.4 Source cves: CVE-2026-46497 Source advisory: OSV:GHSA-3R75-XC34-5F44...

CVSS 2.3 | AI score 5.5 | EPSS 0.00041
Exploits: 0
EUVD
added 2026/05/21 7:13 a.m. | 6 views

EUVD-2026-31221

Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run, which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1
CNNVD
added 2026/05/21 12:0 a.m. | 5 views

Mattermost security vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x have security vulnerabilities. These vulnerabilities stem from a failure to verify the team-level operating permissions for target teams,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/05/20 9:40 p.m. | 6 views

Malicious code in create-kachow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65b2deeeafefb22b81e6a863b51115953b108991e5462d939dce3d6b8ee4a97 bin/create-kachow.js declares a BUILTINKEYS object containing live API keys for four third-party AI providers Gemini key starting...

AI score 5.9
Exploits: 0 | References: 1
OSV
added 2026/05/20 9:40 p.m. | 3 views

MAL-2026-4539 Malicious code in create-kachow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65b2deeeafefb22b81e6a863b51115953b108991e5462d939dce3d6b8ee4a97 bin/create-kachow.js declares a BUILTINKEYS object containing live API keys for four third-party AI providers Gemini key starting...

AI score 5.9
Exploits: 0 | References: 1