CVE-2025-41007 SQL Injection in Cuantis

SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint...

WordPress Linksy Search and Replace plugin <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Database Update via linksysearchandreplaceitemdetails vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Linksy Search and Replace versions = 1.0.4...

CVE-2026-2941

CVE-2026-2941 affects the WordPress plugin Linksy Search and Replace . The vulnerability arises from a missing capability check in the function linksy_search_and_replace_item_details across all versions up to and including 1.0.4, allowing authenticated users with subscriber-level access and above...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 16, 2026 to February 22, 2026)

Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026 , earn three stacked bonuses on all valid submissions from our 'High Threat Vulnerabilities' list: 2x all high threat vulnerability bounties excluding 5,000,000+ installs...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-25652

CVE-2025-25652 affects Eptura Archibus 2024.03.01.109. The vulnerability is a directory traversal in the Database Update Wizard’s Run script and Server File components, enabling an attacker to read files on the server by manipulating requests (e.g., c0-param0/c0-param1 in the affected service). R...

PT-2026-2449

Name of the Vulnerable Software and Affected Versions Eptura Archibus version 2024.03.01.109 Description The “Run script” and “Server File” components within the “Database Update Wizard” are susceptible to directory traversal. This allows unauthorized access to files and directories...

Eptura Archibus 安全漏洞

Eptura Archibus is an all-in-one workspace management system platform from Eptura Corporation, USA. A security vulnerability exists in Eptura Archibus version 2024.03.01.109, which stems from a directory traversal in the Run script and Server File components of the Database Update Wizard...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

📄 Eptura Archibus Directory Traversal

In Eptura Archibus versions before version 2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. Title: Eptura Archibus Directory Traversal Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Serve...

Cross-site Scripting (XSS)

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the shipping options configuration form in the E-commerce module ecommerce.shippingoption. An...

CVE-2025-32785

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...

CVE-2025-32785

Pi-hole Admin Interface (Pi-hole) versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management. An authenticated user can inject JavaScript by placing a payload in Address when creating or editing a list entry. The XSS is trigge...

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...

PT-2025-44010

Name of the Vulnerable Software and Affected Versions Pi-hole Admin Interface versions prior to 6.3 Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, is susceptible to a cross-site scripting XSS issue. This...

Photon OS 4.0: Mysql PHSA-2025-4.0-0894

An update of the mysql package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0894. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...