CVE-2026-30915

SFTPGo (open source file transfer app) before v2.7.1 is affected by an input validation issue in dynamic group paths, where placeholders like %username% are not strictly sanitized against relative path components. This can allow a crafted username to cause the substituted path for a group’s home ...

WordPress Product Filter by WBW Plugin <= 2.7.0 is vulnerable to SQL Injection

Software Product Filter by WBW Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49691 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6688f0876dc2 Credits Hakiduck Required privilege Administrator...