WordPress App Builder – Create Native Android & iOS Apps On The Flight plugin <= 5.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Avatar Modification vulnerability discovered by Ren Voza in WordPress Plugin App Builder versions = 5.6.0...

Oracle Linux 8 : libxml2 (ELSA-2026-11349)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11349 advisory. - Fix CVE-2025-9714 RHEL-119279 - Fix CVE-2025-32415 RHEL-100177 - Fix CVE-2025-7425 RHEL-102797 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398...

PT-2026-27986

Name of the Vulnerable Software and Affected Versions magepeopleteam Bus Ticket Booking with Seat Reservation versions through 5.6.0 Description The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts Bus Ticket Booking...

CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.13, a Remote Code Execution RCE vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...

Exploit for Embedded Malicious Code in Tukaani Xz

xzdoor-poc !License: MIThttps://img.shields.io/badge/Lice...

CVE-2025-15260

The CVE applies to the WordPress plugin “MyRewards – Loyalty Points and Rewards for WooCommerce.” Connected sources confirm: vulnerable in all versions up to 5.6.0 (and PwC+ sources indicate up to 5.6.0) where the plugin fails to verify user authorization in the ajax function. This permits authen...

CVE-2026-1778

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Price List Widget vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

Linux Distros Unpatched Vulnerability : CVE-2025-61783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail ev...

CVE-2025-11371

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...

DEBIAN-CVE-2025-61783

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

PT-2025-41492

Name of the Vulnerable Software and Affected Versions Python Social Auth versions prior to 5.6.0 Description Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, a user could be associated by email during authentication even if the associate by email...

CVE-2025-50340

An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...

PYSEC-2025-118

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List ACL for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

Elastic Security Statement for CVE-2024-3094, xz versions 5.6.0 and 5.6.1

Elastic Products are not affected by this issue. On March 29th, 2024, Elastic became aware of the malicious code planted in the xz package. Elastic has performed an investigation to identify any Elastic Products which may be impacted by this issue and we have concluded that no Elastic products us...

WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

Vulnerability fixed in liblzma (XZ Utils)

Malicious code has been found in liblzma XZ Utils software. XZ Utils is used for compression of data and may be present in Linux distributions. The vulnerability has been labeled CVE-2024-3094 and has been found in versions 5.6.0 and 5.6.1 of XZ Utils. A malicious party can exploit the...

Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in Tiny Technologies TinyMCE prior to version 5.6.0, which originated from a vulnerability that could allow a remote attacker to insert crafted HTML into the editor, resulting ...

CVE-2023-3058

A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the publi...

CVE-2022-41566

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and...