WordPress plugin Schema and Structured Data for WP and AMP 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-48603

internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobile bundle.go:40 use the manager for one Sig...

PT-2026-48443

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

PT-2026-48495

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...

PT-2026-48551

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0606)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0606 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13...

Bridging the Smart City Cybersecurity Data Gap through AI-Driven Synthetic Dataset Generation

Smart cities rely on interconnected cyber-physical systems that integrate sensors, IoT devices, cloud platforms, and AI-driven services and decision-making. While these systems enhance city services, they also introduce complex cybersecurity challenges due to their large attack surfaces,...

PT-2026-48371

Name of the Vulnerable Software and Affected Versions QuMagie versions prior to 2.9.0 Description A missing authorization issue allows remote attackers to access unauthorized data or perform unauthorized actions. Recommendations Update to version 2.9.0 or later...

Incorrect Authorization

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Incorrect Authorization via annotation resolution for @Controller data fetchers in Spring GraphQL. An attacker can bypass authorization checks when...

National Security Agency Ghidra 数据伪造问题漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a data manipulation vulnerability. This vulnerability stemmed from the PKIAuthenticationModule.authenticat...

Plonky3 数据伪造问题漏洞

Plonky3 is an open-source implementation of the Polynomial IOP cryptographic primitive toolkit by Plonky3 developers. Versions of Plonky3 prior to 0.4.3 and 0.5.3 contained a data forgery vulnerability. This vulnerability allowed attackers to control the observations made by the prover, resulting...

VMware Spring Data REST 访问控制错误漏洞

VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build domain models based on Spring Data repositories, and to expose hypermedia-driven HTTP resources for aggregates contained within those models. VMware Spring Data REST versions 3.7.0 and earlier...

Migration Planner UI 访问控制错误漏洞

The Migration Planner UI is an open-source migration planning frontend tool developed by KubeV2V. The Migration Planner UI has an access control vulnerability. This vulnerability stems from the lack of proper authorization and filtering in the/api/v1/sources route, which may allow authenticated...

VMware Spring Data REST 安全漏洞

VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build HTTP resources that drive hypermedia, based on Spring Data repositories. These resources are designed to manage domain models of applications and provide hypermedia-driven services for...

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

QNAP Systems QuMagie 安全漏洞

QNAP Systems QuMagie is a QTS photo management application developed by QNAP Systems. There is a security vulnerability in QNAP Systems QuMagie, which stems from lack of authorization. This vulnerability may allow remote attackers to access unauthorized data or perform unauthorized operations. Th...

Aix-DB 访问控制错误漏洞

Aix-DB is an intelligent data analysis and visualization system developed by AiAdventurer’s individual developers. Versions of Aix-DB 1.2.4 and earlier contained a access control vulnerability. This vulnerability stemmed from the lack of authentication checks for the /llm/processllmout endpoint,...

BSimVis 跨站脚本漏洞

BSimVis is a binary program similarity analysis and visualization tool developed by the MISP Project. Versions of BSimVis up to v0.2.0 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to execute operations as victims, access data that the victims could access, ...

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contain security vulnerabilities. These vulnerabilities stem from the runtime Pod using the fission-fetcher ServiceAccount and automatically mounting tokens. User function code can rea...

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh from 0.34.0 to 0.61.1 contained security vulnerabilities. These vulnerabilities stemmed from the acceptance of overly large compressed data packets when SSH compression was enabled, which...