CVE-2025-59096

CVE-2025-59096 describes a weak default password in dormakaba Kaba exos 9300 (U9ExosAdmin.exe, extended admin mode). Root cause: hard-coded default password present in multiple locations and in local user docs. Impact (per provided data): local attacker with HIGH privileges and LOCAL access could...

PT-2026-4746

The default password for the extended admin user mode in the application U9ExosAdmin.exe "Kaba 9300 Administration" is hard-coded in multiple locations as well as documented in the locally stored user documentation...

[SECURITY] Fedora 42 Update: python3.11-3.11.14-4.fc42

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

EUVD-2026-4355

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through = 11.0.0...

CVE-2025-13921 weDocs <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

CVE-2025-13921 weDocs <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

PT-2026-4355

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs user documentation handling capabilities' function in all versions up to, and including,...

Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.0

The 1.21.0 GA release of Red Hat OpenShift Pipelines Operator.. For more details see product documentation. The 1.21.0 release of Red Hat OpenShift Pipelines Operator...

MiracleLinux 7 : orc-0.4.26-1.0.1.el7.AXS7 (AXSA:2024-8902:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8902:03 advisory. CVE-2024-40897: fix stack buffer overflow while construct error messages Disable gtk-doc building due lack of gtkdoc-mktmpl command in gtk-doc-1.28-2.el7 CVE...

MiracleLinux 7 : python-2.7.5-89.0.1.el7.AXS7 (AXSA:2020-863:49)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-863:49 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field CVE-2019-16935 Tenable has extracted the preceding description block direct...

HotCRP Conference Review Software security vulnerabilities

HotCRP Conference Review Software is a software developed by Eddie Kohler. It is used to manage review processes, especially for academic conferences. HotCRP Conference Review Software has a security vulnerability, which stems from defects in the documentation API. This vulnerability could allow...

[SECURITY] Fedora 42 Update: python3.12-3.12.12-2.fc42

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

HSEC-2024-0004 Hackage package and doc upload stored XSS vulnerability

Hackage package and doc upload stored XSS vulnerability Author: Fraser Tweedale Haskell SRT Executive summary A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served...

PT-2026-32986

Hackage package and doc upload stored XSS vulnerability Author: Fraser Tweedale Haskell SRT Executive summary A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served...

red-team-arsenal

🎯 Red Team Arsenal !Versionhttps://img.shields.io/badge/...

CVE-2026-22237 Exposed Internal API Documentation Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...

CVE-2026-22237 Exposed Internal API Documentation Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...

CVE-2026-22237

Technical details (affected products/versions/patch information) are not publicly provided in the supplied documents. Monitor for updates from the cited sources and Red Hat/EUVD/CVELIST entries for concrete details.