Lucene search

37 matches found

CNNVD
added 2026/05/25 12:00 a.m., 5 views

WordPress plugin Stripe Payment Gateway for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 6.5, AI score 5.8, EPSS 0.0006
Exploits 0, References 1
CNNVD
added 2026/05/22 12:00 a.m., 4 views

Vinades NukeViet cross-site scripting vulnerability

Vinades NukeViet is an open-source content management system (CMS) developed by the Vietnamese company Vinades. Versions of Vinades NukeViet 4.5.07 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from insufficient server-side input sanitization, which could lead...

CVSS 8.7, AI score 5.7, EPSS 0.00055
Exploits 0, References 3
EUVD
added 2026/04/07 6:31 p.m., 2 views

EUVD-2026-19769

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, and 5.0 allows an authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, or 5.0.7, which fixes this issue...

AI score 5.8, EPSS 0.00071
Exploits 0, References 3
RedhatCVE
added 2026/03/26 3:11 p.m., 1 view

CVE-2026-32816

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...

CVSS 5.7, AI score 5.8, EPSS 0.00022
Exploits 1, References 1
ATTACKERKB
added 2026/03/19 10:53 p.m., 0 views

CVE-2026-32755

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

CVSS 5.7, AI score 5.8, EPSS 0.00009
Exploits 1, References 3, Affected Software 1
OSV
added 2026/03/19 10:53 p.m., 3 views

CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

CVSS 5.7, AI score 5.8, EPSS 0.00009
Exploits 1, References 4
Snyk
added 2026/03/16 9:17 p.m., 1 view

Cross-site Request Forgery (CSRF)

Overview: admidio/admidio is a free, open-source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the savemembership process. An attacker can alter membership start and end dates for any member of...

CVSS 6.8, AI score 5.9, EPSS 0.00009
Exploits 1, References 2
Tenable Nessus
added 2026/01/07 12:00 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000174)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000174 advisory. An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override...

CVSS 4.3, AI score 6.4, EPSS 0.00186
Exploits 0, References 4
Circl
added 2025/12/24 2:00 p.m., 1 view

CVE-2022-50726

creation timestamp: 2025-12-24 14:00:55+00:00; type: seen; source: https://gist.github.com/Darkcrai86/f75cb648989cb96d48fa5af85c6509d2...

AI score 5.8, EPSS 0.00029
Exploits 0, References 1
Vulnrichment
added 2025/12/24 12:31 p.m., 1 view

CVE-2025-68523 WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar (spiffy-calendar) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spiffy Calendar: from n/a through <= 5.0.7...

CVSS 4.3, AI score 6.6, EPSS 0.00041
Exploits 0, References 1
Circl
added 2025/12/24 12:22 p.m., 2 views

CVE-2022-50701

creation timestamp: 2025-12-24 12:22:28+00:00; type: seen; source: https://gist.github.com/Darkcrai86/849eb921974288c970abdb2c58358143...

AI score 5.8, EPSS 0.00017
Exploits 0, References 1
Debian CVE
added 2025/12/24 10:55 a.m., 6 views

CVE-2022-50704

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch. In the process of switching USB config from rndis to other config, if the hardware does not support the -pullup callback, or the hardware encounters a low probability fault...

AI score 5.1, EPSS 0.00027
Exploits 0
Vulnrichment
added 2025/11/29 3:06 a.m., 2 views

CVE-2025-66290 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application's recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...

CVSS 5.3, AI score 6.2, EPSS 0.00033
Exploits 0, References 1
Cvelist
added 2025/11/29 3:06 a.m., 5 views

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

CVSS 8.7, EPSS 0.00059
Exploits 0, References 1
CVE
added 2025/11/29 3:04 a.m., 12 views

CVE-2025-66224

OrangeHRM versions 5.0–5.7 contain an input-neutralization flaw in mail configuration and delivery workflow where user-controlled values flow into the sendmail path without sanitization, allowing OS command strings to be constructed and enabling file writes on the server and potential code execut...

CVSS 9, AI score 6.6, EPSS 0.00132
Exploits 1, References 1, Affected Software 1
NVD
added 2025/10/03 7:15 p.m., 7 views

CVE-2025-47213

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...

CVSS 5.1, EPSS 0.00142
Exploits 0, References 1
Tenable Nessus
added 2025/09/09 12:00 a.m., 1 view

KB5065430: Windows 10 LTS 1507 Security Update (September 2025)

The remote Windows host is missing security update 5065430. It is, therefore, affected by multiple vulnerabilities: SMB Server might be susceptible to relay attacks, depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make t...

CVSS 9.8, AI score 9.2, EPSS 0.00406
Exploits 4, References 31
CNNVD
added 2025/06/13 12:00 a.m., 1 view

No Boss Calendar SQL injection vulnerability

No Boss Calendar is a Joomla calendar plugin from the Brazilian company No Boss. A SQL injection vulnerability exists in No Boss Calendar versions prior to 5.0.7, which stems from SQL injection through the idmodule parameter...

CVSS 8.6, AI score 7.7, EPSS 0.00528
Exploits 0, References 2
CNNVD
added 2025/05/28 12:00 a.m., 2 views

Best Practical RT cross-site scripting vulnerability

Best Practical RT is a request tracker from Best Practical, Inc. A cross-site scripting vulnerability exists in Best Practical RT versions 5.0 through 5.0.7, which stems from the injection of JavaScript into an asset name and could lead to cross-site scripting...

CVSS 7.2, AI score 5.9, EPSS 0.0025
Exploits 0, References 4
CNNVD
added 2025/04/15 12:00 a.m., 2 views

Demtec Graphytics code injection vulnerability

Demtec Graphytics is an application from Demtec Corporation. A code injection vulnerability exists in Demtec Graphytics version 5.0.7 that stems from improper handling of the description parameter in the /visualization file, which could lead to a cross-site scripting attack...

CVSS 5.1, AI score 4.8, EPSS 0.00432
Exploits 0, References 4