21 matches found
CVE-2026-40797
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2025-70985
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002960)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002960 advisory. The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other...
CVE-2025-67090
The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 is vulnerable. Fix available in version 4.8.2. GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...
WordPress XCloner plugin <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability
Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability discovered by Rafshanzani Suhada in WordPress Plugin XCloner versions <= 4.8.2...
WordPress Jobmonster theme <= 4.8.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jobmonster versions <= 4.8.2...
EUVD-2025-202122
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion. This issue affects Jobmonster: from n/a through <= 4.8.2...
WordPress plugin Backup, Restore and Migrate your sites with XCloner Cross-Site Request Forgery vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. The WordPress plug...
syslog-ng security vulnerability
syslog-ng is an enhanced logging daemon from the syslog-ng team. A wide range of input and output methods are supported: syslog, unstructured text, queues, SQL and NoSQL. A security vulnerability exists in syslog-ng versions prior to 4.8.2, which stems from the tls_wildcard_match function...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
PT-2025-4966 · Unknown · Eelv-Newsletter
Name of the Vulnerable Software and Affected Versions: EELV Newsletter versions prior to 4.8.2 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables an attacker to inject...
WordPress EELV Newsletter plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin EELV Newsletter versions <= 4.8.2...
PT-2021-21140 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: SilverStripe Framework versions prior to 4.8.2 Description: The issue allows for XSS. Recommendations: For versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue...
McAfee Database security vulnerability
McAfee Database Security Server is a database security software from McAfee USA. The software provides users with an overall view of their database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...
PT-2021-15597 · Mcafee · Mcafee Database Security
Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2 Description: The issue allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent t...
WordPress oEmbed discovery cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports personal blog sites set up on servers with PHP and MySQL. oEmbed discovery is one of its oEmbed search plugins. A cross-site scripting vulnerability exists in oEmbed...
WordPress ZipArchive and PclZip Component Directory Traversal Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on PHP and MySQL servers. ZipArchive and PclZip are among its compression/decompression components. A directory traversal...
DEBIAN-CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...
PT-2016-7214 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.8.2 Description: The issue concerns the filesystem implementation in the Linux kernel, which preserves the setgid bit during a setxattr call. This allows local users to gain group privileges by leveraging the...