4 matches found
EUVD-2026-36548
Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...
CVE-2026-33132
A flaw was found in ZITADEL, an open-source identity management platform. A user could bypass organization enforcement during authentication due to missing controls in device authorization requests and specific login and OIDC API endpoints. This allowed users to sign in with credentials from othe...
PT-2025-7176 · Rupeeweb · Rupeeweb
Name of the Vulnerable Software and Affected Versions: RupeeWeb trading platform, affected versions not specified. Description: This issue exists due to improper implementation of the OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this by...
wp-english-wp-admin cross-site request forgery vulnerability
wp-english-wp-admin is a WordPress plugin by individual developer Stanislav Khromov. It allows users to change the admin language to English. A cross-site request forgery vulnerability exists in versions of wp-english-wp-admin prior to 1.5.3, which stems from an issue with the function registerendpoin...