CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

CVE-2026-4038

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...

GHSA-V3XV-8VC3-H2M6 PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution

Summary PySpector versions = 0.1.6 are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis to block dangerous API calls before a plugin is trusted and executed. However, the internal resolvename helper onl...

CVE-2026-27688

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

EUVD-2026-10459

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

EUVD-2026-10458

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVE-2026-27195

Wasmtime CVE-2026-27195 describes a panic in the component-model-async path when a host drops a future returned by TypedFunc::call_async on a guest export after a second call without awaiting completion. In affected builds (with component-model-async enabled by default since Wasmtime 39.0.0), thi...

CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

OSV-2026-292 UNKNOWN WRITE in <wasmtime::runtime::func::Func>::call_unchecked_raw::<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486503337 Crash type: UNKNOWN WRITE Crash state: ::calluncheckedraw::::queuecall...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the call to the complete function when holding a lock. This could lead to reusing the lock after ...

OSV-2026-203 Segv on unknown address in glslang::TIntermediate::addSymbol

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481635421 Crash type: Segv on unknown address Crash state: glslang::TIntermediate::addSymbol glslang::HlslParseContext::handleFunctionCall glslang::HlslParseContext::transformEntryPoint...

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step that exposes the final 1-15 bytes of a message when the low-level OCB API is used directly with AES-NI or other hardware accelerated code paths. Common implementations of openssl using EVP are not vulnerable...

CVE-2026-0491

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

CVE-2026-0506

The CVE-2026-0506 issue affects SAP NetWeaver ABAP/ABAP Platform (Application Server ABAP) and is caused by a Missing Authorization Check in an RFC function that can execute FORM routines. An authenticated attacker could write/modify data accessible via FORMs and invoke system functionality expos...

CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

PT-2026-2327

Name of the Vulnerable Software and Affected Versions SAP Landscape Transformation affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC that allows an attacker with administrative privileges to inject arbitrary ABAP cod...