Lucene search

15 matches found

Vulnrichment
added 2026/06/10 8:31 p.m. · 8 views

CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

CVSS 6.9 · AI score 5.5 · EPSS 0.0011
Exploits 0 · References 2

NVD
added 2026/02/19 7:17 a.m. · 3 views

CVE-2025-14427

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

CVSS 4.3 · EPSS 0.00198
Exploits 0 · References 2

Positive Technologies
added 2026/02/19 12:0 a.m. · 10 views

PT-2026-20617

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MfaEmailDisable action in all versions up to, and including, 21.0.9. This makes it possible for...

CVSS 4.3 · AI score 5.5 · EPSS 0.00198
Exploits 0 · References 2

Positive Technologies
added 2025/02/28 12:0 a.m. · 2 views

PT-2025-9081 · WordPress · Url Media Uploader

Name of the Vulnerable Software and Affected Versions: URL Media Uploader plugin for WordPress versions prior to 1.1.0, or more specifically, version 1.0.0 and earlier Description: The issue allows authenticated attackers with author-level access and above to perform Server-Side Request Forgery v...

CVSS 6.4 · AI score 9.4 · EPSS 0.00264
Exploits 0 · References 8

Positive Technologies
added 2025/01/07 12:0 a.m. · 8 views

PT-2025-1860 · Gpt4 +5 · Gpt4 +5

Name of the Vulnerable Software and Affected Versions: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to a missing capability check and file type validatio...

CVSS 8.8 · AI score 8.3 · EPSS 0.01491
Exploits 1 · References 6

Positive Technologies
added 2024/12/24 12:0 a.m. · 3 views

PT-2024-17487 · WordPress · Print Invoice & Delivery Notes For Woocommerce

Name of the Vulnerable Software and Affected Versions: Print Invoice & Delivery Notes for WooCommerce plugin for WordPress versions up to, and including, 5.4.0 Description: The issue is due to a missing capability check on the wcdn remove shoplogo AJAX action. This makes it possible for...

CVSS 4.3 · AI score 9.3 · EPSS 0.00263
Exploits 0 · References 7

Positive Technologies
added 2024/03/08 12:0 a.m. · 2 views

PT-2024-14058 · Trendnet · Trendnet Ac1200 Tew-821Dap

Name of the Vulnerable Software and Affected Versions: TRENDnet Trendnet AC1200 TEW-821DAP version 3.00b06 Description: The issue allows an attacker to execute arbitrary code via the adm mod pwd action, which is a buffer overflow vulnerability. This vulnerability can be exploited to gain...

CVSS 8 · AI score 8.6 · EPSS 0.00498
Exploits 1 · References 6

Positive Technologies
added 2024/02/21 12:0 a.m. · 5 views

PT-2024-18238 · Shopwind · Shopwind

Name of the Vulnerable Software and Affected Versions: Shopwind versions up to 4.6 Description: A critical issue affects the actionCreate function of the /public/install/controllers/DefaultController.php file in the Installation component, leading to code injection. The attack can be initiated...

CVSS 8.1 · AI score 6.2 · EPSS 0.00594
Exploits 0 · References 5

Positive Technologies
added 2024/01/19 12:0 a.m. · 4 views

PT-2024-14329 · Yonbip · Yonbip

Name of the Vulnerable Software and Affected Versions: YonBIP version 3 23.05 Description: An arbitrary file upload vulnerability in the doAction method of nccloud.web.arcp.taskmonitor.action.ArcpUploadAction allows attackers to execute arbitrary code via uploading a crafted file. Recommendations...

CVSS 9.8 · AI score 9.4 · EPSS 0.0099
Exploits 0 · References 7

Positive Technologies
added 2023/10/04 12:0 a.m. · 3 views

PT-2023-5887 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. The specific flaw exists within the shutdown coreserver action,...

CVSS 7.5 · AI score 7 · EPSS 0.01489
Exploits 0 · References 6

Positive Technologies
added 2023/08/28 12:0 a.m. · 5 views

PT-2023-27616 · Phpjabbers · Phpjabbers Fundraising Script

Name of the Vulnerable Software and Affected Versions: PHPJabbers Fundraising Script version 1.0 Description: The issue is related to Cross Site Scripting XSS via the action parameter of "index.php". This allows for potential malicious script execution. The estimated number of potentially affecte...

CVSS 6.1 · AI score 6 · EPSS 0.01044
Exploits 0 · References 7

Positive Technologies
added 2023/08/07 12:0 a.m. · 8 views

PT-2023-12071

Name of the Vulnerable Software and Affected Versions: Qubely WordPress plugin versions prior to 1.8.6 Description: The issue allows an unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely send form data AJAX action. Recommendations: For versions prior to 1.8.6, updat...

CVSS 7.5 · AI score 5.5 · EPSS 0.01535
Exploits 2 · References 6

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-12447 · WordPress · Unauthenticated Account Creation

Name of the Vulnerable Software and Affected Versions: Unauthenticated Account Creation plugin for WordPress versions up to, and including, 1.6.6 Description: The issue allows unauthenticated attackers to create accounts, including those with administrator privileges, due to the stm listing...

CVSS 9.8 · AI score 9.5 · EPSS 0.014
Exploits 1 · References 5

Positive Technologies
added 2019/12/10 12:0 a.m. · 3 views

PT-2019-5239 · Davical · Davical

Name of the Vulnerable Software and Affected Versions: DAViCal versions through 1.1.8 Description: A reflected XSS issue was discovered in DAViCal. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can vie...

CVSS 9.3 · AI score 6.7 · EPSS 0.02242
Exploits 6 · References 31

Prion
added 2012/09/20 9:55 p.m. · 14 views

Design/Logic Flaw

The Restrictions aka Parental Controls implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions...

CVSS 1.9 · AI score 6 · EPSS 0.00343
Exploits 0 · References 3 · Affected Software 1