CVE-2026-6279

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

CVE-2025-12266

CVE-2025-12266 affects Zytec Dalian Zhuoyun Technology Central Authentication Service. The vulnerability is in the function _empty of /index.php/auth/widget; manipulation of the parameters get.layer, get.widget, and get.action can trigger remote code injection. The exploit is public and can be us...

Zytec Central Authentication Service 代码注入漏洞

Zytec Central Authentication Service is a centralized authentication service from China's Zhuo Yun Zytec Company. A code injection vulnerability exists in Zytec Central Authentication Service 20251009 and earlier versions, which stems from incorrect manipulation of the parameters get.layer,...

Cross-site Scripting (XSS)

Overview prestashop/pscontactinfo is a package for displaying additional information about your store's customer service. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the getWidgetVariables function, due to the use of the nofilter tag, which allows malicious...

PT-2023-23858 · Trend Micro · Trend Micro Mobile Security

Name of the Vulnerable Software and Affected Versions: Trend Micro Mobile Security Enterprise version 9.8 SP5 Description: The issue allows a remote attacker to execute arbitrary code on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged...