24 matches found

EUVD
added 2026/04/16 3:31 p.m. · 2 views

EUVD-2026-22910

Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <= 5.7.3...

CVSS 4.3 · AI score 5.8 · EPSS 0.00032
Exploits 0 · References 2

Cvelist
added 2026/03/20 9:39 p.m. · 20 views

CVE-2026-33171 Statamic has a path traversal in file dictionary fieldtype

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's...

CVSS 4.3 · EPSS 0.00022
Exploits 0 · References 1

RedhatCVE
added 2026/03/02 1:51 a.m. · 5 views

CVE-2026-28423

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...

CVSS 8.6 · AI score 5.9 · EPSS 0.00025
Exploits 0 · References 1

Github Security Blog
added 2026/02/19 8:30 p.m. · 5 views

Statamic affected by privilege escalation via stored cross-site scripting

Impact: Stored XSS vulnerability in html fieldtypes allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches: This has been fixed in 6.3.2 and 5.73.9...

CVSS 8.1 · AI score 5.4 · EPSS 0.00014
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2026/02/03 9:21 p.m. · 1 views

CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...

CVSS 3.7 · AI score 5.3 · EPSS 0.0002
Exploits 0 · References 3

Positive Technologies
added 2026/02/02 12:0 a.m. · 3 views

PT-2026-5743

Name of the Vulnerable Software and Affected Versions: Fastify versions prior to 5.7.3 Description: Fastify is a web framework for Node.js. A denial-of-service condition exists in Fastify’s Web Streams response handling. A slow or non-reading client can cause unbounded buffering when backpressure i...

CVSS 3.7 · AI score 5.5 · EPSS 0.0002
Exploits 0 · References 13

Tenable Nessus
added 2026/01/20 12:0 a.m. · 3 views

MiracleLinux 8 : php:7.4 (AXSA:2022-3573:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3573:01 advisory. php: Local privilege escalation via PHP-FPM (CVE-2021-21703) php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705) Tenable has extracted the preceding...

CVSS 7.8 · AI score 5.6 · EPSS 0.00294
Exploits 2 · References 3

OSV
added 2025/10/30 10:15 p.m. · 1 views

CVE-2020-36866

Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.4 · AI score 5.9 · EPSS 0.00478
Exploits 0 · References 2

Cvelist
added 2025/10/30 9:37 p.m. · 5 views

CVE-2020-36867 Nagios XI < 5.7.3 Command Injection in Report PDF Download

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...

CVSS 8.7 · EPSS 0.01529
Exploits 0 · References 2

Positive Technologies
added 2025/10/30 12:0 a.m. · 2 views

PT-2025-44471

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.7.3 Description: Nagios XI versions prior to 5.7.3 have a privilege escalation issue in the getprofile.sh helper script. The script handles profile retrieval and initialization with insecure file and command...

CVSS 8.5 · AI score 7.4 · EPSS 0.00053
Exploits 0 · References 4

Positive Technologies
added 2025/10/30 12:0 a.m. · 3 views

PT-2025-44470

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.7.3 Description: Nagios XI versions prior to 5.7.3 contain a command injection issue in the report PDF download/export functionality. Insufficient validation or improper escaping of user-supplied values used in the...

CVSS 8.8 · AI score 7.2 · EPSS 0.01529
Exploits 0 · References 4

Cvelist
added 2025/10/03 11:17 a.m. · 8 views

CVE-2025-7721 JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.7.3 via the task parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

CVSS 9.8 · EPSS 0.00711
Exploits 0 · References 3

Vulnrichment
added 2025/10/03 11:17 a.m. · 4 views

CVE-2025-7721 JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.7.3 via the task parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

CVSS 9.8 · AI score 7 · EPSS 0.00711
Exploits 0 · References 3

Positive Technologies
added 2025/10/03 12:0 a.m. · 2 views

PT-2025-40476

Name of the Vulnerable Software and Affected Versions: JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress versions prior to 5.7.4 Description: The JoomSport plugin for WordPress is susceptible to a Local File Inclusion issue through the task parameter. This allows...

CVSS 9.8 · AI score 7.4 · EPSS 0.00711
Exploits 0 · References 9

Patchstack
added 2024/12/11 7:33 p.m. · 3 views

WordPress Revi.io plugin <= 5.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Revi.io versions <= 5.7.3...

CVSS 7.1 · AI score 6.1 · EPSS 0.00197
Exploits 0 · Affected Software 1

CNNVD
added 2022/08/18 12:0 a.m. · 2 views

Zoom Client Security Vulnerability

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client macOS Standard and IT Administrator Editions version 5.7.3 through versions prior to 5.11.6. An attacker exploited the vulnerability to escalate to...

CVSS 8.8 · AI score 7.4 · EPSS 0.00116
Exploits 0 · References 2

CNNVD
added 2021/12/14 12:0 a.m. · 2 views

ZOOM Client Code Issue Vulnerability

Zoom Client is a multi-platform video conferencing client application from Zoom, Inc. A server-side request forgery vulnerability exists in Zoom Client for Meetings prior to version 5.7.3, which stems from the product's failure to properly validate user input and could be exploited by attackers t...

CVSS 6.1 · AI score 5.6 · EPSS 0.0025
Exploits 0 · References 1

Positive Technologies
added 2021/06/10 12:0 a.m. · 6 views

PT-2021-19541 · Mcafee · Mcafee Agent For Windows

Name of the Vulnerable Software and Affected Versions: McAfee Agent for Windows versions prior to 5.7.3 Description: The issue is related to improper privilege management, allowing a local user to modify event information in the MA event folder. This enables the user to add false events or remove...

CVSS 4.8 · AI score 3.8 · EPSS 0.00039
Exploits 0 · References 3

CNVD
added 2020/12/01 12:0 a.m. · 2 views

Linux kernel code issue vulnerability (CNVD-2020-68542)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 5.7.3, which stems from the presence of an issue related to mm/gup.c and mm/huge_memory.c. The get_user_pages...

CVSS 3.6 · AI score 7.7 · EPSS 0.00019
Exploits 1 · References 1

CNVD
added 2020/10/22 12:0 a.m. · 1 views

Nagios XI Cross-Site Request Forgery Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. Nagios XI version 5.7.3 suffers from a cross-site request forgery vulnerability that can be exploited by...

CVSS 6.5 · AI score 6.7 · EPSS 0.02669
Exploits 1 · References 1