PT-2026-40785

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where any user with Editor permissions can delete any snapshot, regardless of whether they have the necessary read or write access to those...

CubeCart 代码注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Prior to version 6.7.3, there was a code injection vulnerability in CubeCart. This vulnerability stemmed from administrators with document editing privileges being able to save raw PHP code in the invoice editor. As a result,...

PT-2026-40791

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An Editor can overwrite a dashboard they do not own to acquire admin privileges for that specific dashboard. This privilege escalation requires the user to have...

PT-2026-40814

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.3 Description An administrator with documents edit permission can save raw PHP code into the Invoice Editor. When any administrator clicks Print on an order, the rendered template is written to files/print..php...

Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

PT-2026-40782

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Users with editor privileges can delete any annotation, including those for which they lack read access, despite being unable to create or read annotations...

gimp: GIMP: Remote Code Execution via PSP file parsing

A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP PaintShop Pro file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...

CVE-2026-42289 ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation

ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an...

CVE-2026-41195 mosparo: Rule package source URL stored SSRF enables internal HTTP probing

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

CVE-2026-41195

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

CVE-2026-41195

In mosparo, a vulnerability exists prior to version 1.4.13 where a project member with the editor role can abuse the automatic rule package source URL feature to store an attacker-controlled URL that the server fetches. The server follows HTTP/HTTPS redirects and does not restrict private or loop...

CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability

...

CVE-2026-43937

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...

EUVD-2026-29455

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...

CVE-2026-45213

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...

CVE-2026-45213 WordPress BEAR plugin <= 1.1.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...

CVE-2026-45213

CVE-2026-45213 concerns the WordPress BEAR woo-bulk-editor plugin (RealMag777) with a SQL Injection vulnerability due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected versions are BEAR: from n/a through

CVE-2026-45213

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...

KLA91038 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of...

PT-2026-40450

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...