EUVD-2026-30301

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

CVE-2026-36765

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

WordPress plugin HM Books Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-31881 Runtipi unauthenticated /api/auth/reset-password allows operator account takeover during active reset window

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints such as /admin even after the legitimate user has logged out, enabling session hijacking...

Docker Desktop 安全漏洞

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

CVE-2025-57887

CVE-2025-57887 describes a stored cross-site scripting vulnerability in the NooTheme Jobmonster WordPress theme, affecting versions up to 4.8.0. The root cause is improper neutralization of input during web page generation, enabling injection of malicious scripts into pages (Stored XSS). The CVE’...

OESA-2025-1671 plexus-archiver security update

The Plexus project provides a full software stack for creating and executing software projects. It provides a number of pre-built components for common tasks and toolkits such as Jetty, Velocity, Hibernate, i18n, and many more. However, Plexus is also able to reuse your existing components writte...

Linux Distros Unpatched Vulnerability : CVE-2022-24805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...

WordPress Plugin Bold Page Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

SUSE CVE-2020-10233

In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a heap-based buffer over-read in ntfsdinodelookup in fs/ntfs.c...

CVE-2022-48006

creationtimestamp| type| source ---|---|--- 2023-01-31 00:43:35+00:00| seen| https://t.me/cibsecurity/57170...

CVE-2022-48069

creationtimestamp| type| source ---|---|--- 2023-01-27 18:34:28+00:00| seen| https://t.me/cibsecurity/57045...

SEO Panel 跨站脚本漏洞

SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. The vulnerability can be exploited to inject JavaScript via the type parameter in archive.php...

Katy Voor HHVM 缓冲区错误漏洞

Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from a write out-of-bounds if a buffer is full. The following products and versions are affected: HHV...

CVE-2019-7655

Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the 1 customList%5B0%5D.value field in enginemanager/server/serversetup/editadv.htm of the Server Setup configuration or the 2 host field in enginemanager/jspringsecuritycheck of the login form. This issu...