18 matches found
CVE-2026-40989
Under infinite recursion in the routing layer, request handling can cause an OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16; Spring Cloud Function 4.1.x: versions prior to 4.1.10; Spring Cloud Function 4.2.x: versions prior to 4.2.6; Spring Cloud...
CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...
WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Joe Bruno, Principal Security Engineer @ Monarx in WordPress Plugin Gift Cards For WooCommerce Pro versions <= 4.2.6...
CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...
CVE-2025-69358 WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through <= 4.2.6.0...
CVE-2026-22426
creationtimestamp | type | source
---|---|---
2026-01-22 17:46:11+00:00 | seen | https://gist.github.com/Darkcrai86/1dd9289803bef694101f7f5241b901ce...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000817)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000817 advisory. The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by...
CVE-2025-64367 WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS. This issue affects Groundhogg: from n/a through <= 4.2.6...
PT-2025-44618
Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 4.2.6. Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on...
WordPress plugin Ultimate WordPress Auction Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-3561 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 4.2.0 through 4.2.6; FortiSandbox versions 4.4.0 through 4.4.4. Description: The issue is related to the client-side enforcement of server-side security in FortiSandbox. It allows an attacker to execute unauthorized code o...
Vulnerabilities fixed in IBM Aspera Connect and Aspera Cargo
IBM has fixed vulnerabilities in Aspera Connect and Aspera Cargo. A malicious party could exploit the vulnerabilities to gain access to login credentials, or to execute arbitrary code with application privileges. IBM has released updates to fix the vulnerabilities in...
CVE-2022-24263
creationtimestamp | type | source
---|---|---
2022-02-01 00:25:38+00:00 | seen | https://t.me/cibsecurity/36604...
PT-2020-17380 · Terramaster · Terramaster Tos
Name of the Vulnerable Software and Affected Versions: TerraMaster TOS versions 4.2.06 and earlier. Description: An unauthenticated command-execution issue exists via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. Recommendations: For TerraMaster TOS versio...
CVE-2018-19548
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach...
CVE-2017-13072
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject JavaScript code...
UBUNTU-CVE-2018-1000088
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in the web view's OAuth app form and user authorization prompt web view that can result in Stored XSS on the OAuth Client's name, which will cause users interacting with it to execute the payload. This attack appears to be...
CVE-2017-7629
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function...